The risk of your business being a victim of cyber-attack is no longer just a fringe possibility. In fact, the number of Cyber-attacks on Australian businesses has risen dramatically in the past decade to 47,000 cyber-related attacks on people and businesses in 2017. Moreover, the risk associated with not adequately insuring your business is only getting more significant. With this in mind, perhaps it’s time to start thinking about how best to mitigate your cyber-liability.
50% of attacks target small business
While it’s difficult to gather reliable figures on the rate and prevalence of cyber-attacks (largely due to the fact that no businesses actively want to advertise that they have been a victim of cyber-crime), industry experts estimate that around 50% of all cyberattacks globally are attacks on small to medium-sized enterprises (SMEs). In fact, this estimate has increased dramatically in more recent years.
Are Cyber attacks a pressing concern?
Cyber liability is becoming a high priority aspect of your business. To put it simply, it deserves your attention and care. Cybercrime is commonly thought of as an attractive avenue for criminals. Due to proximity to the victim(s), the ease with a criminal can cover their tracks and perhaps most attractive; a low-risk, high-reward trade off. In fact, Australians have only recently become all too aware of the risks of cyber-attacks, with more and more being reported to government agencies each year.
Dan Tehan– The minister for assisting the Prime Minister in matters of Cyber security stated recently that “(He) would like to highlight how cyber security is not just the business of national security, but something that must become second nature to all Australians. Cyber security is not just the domain of our intelligence agencies or our defence forces, to protect against silent secrets and cyber-attacks.”
Huge data breach
The comments came after a huge data breach in early April of this year. Soon after, this saw the data and information belonging to more than 400 Australian companies, stolen by hackers. Mr Tehan went on further to state that Australian Government agencies have “over the past year, seen increased targeting of trusted third parties, particularly service providers. These companies are highly attractive targets as they can provide access into a range of primary targets.”
Clearly, cybercrime is an issue, with accelerating technology and innovation providing new and previously unseen ways for criminals to attack your data and information.
Not just a ‘BIG’ business problem
It’s funny, you’d think that with the omnipresence of such large companies like Facebook, Google, eBay or Uber, the smaller business might be off-the-hook when it comes to the risk of cyber-attack. Unfortunately, that’s not the case. Cyber-criminals take an equal opportunity approach when it comes to whom they wish to attack. Thus, any business with a digital presence is at risk. In many cases, it is more profitable for criminals to target and extort smaller businesses, committing large numbers of quick and relatively easy extortion attempts, as opposed to trying for one big fish.
Changes to Federal Cyber-Security laws
In February of this year, the Federal government announced changes to Australia’s data breach and retention laws – whereas before, reporting that your person or business experienced a data or information breach was voluntary. The ushering in of the new Federal laws now state that the mandatory data breach reporting in Australia is required for all incidents that meet the criteria. Most importantly though, the changing of federal cyber-security laws has meant a change in your cyber-liability coverage too.
Are you really covered?
You may say to yourself, your existing plan may include some cover for business insurance or other forms of liability, but will likely not cover cyber liability specifically. Some plans may have specific exclusions with regards to any cyber-attacks you or your company may experience. Gerry Power, Head of Sales at Underwriting Firm, Emergence Insurance, stated recently that more education was needed about cyber risk dangers and that serious concern was that despite training efforts, around 15% of staff still clicked on phishing emails.
Some simple steps to safeguarding your date include:
Further, Mr Power went on to state that “Brokers’ clients are dreaming if they think it won’t happen. Criminals don’t have to steal data to make money, they can just stop you using it.” Ransomware is involved in roughly 45% of claims. “It’s easy to deploy with an off-the-shelf tool kit bought on the dark web.”
You see, everybody knows that sometimes you may just have a need to protect against potential threats, regardless of whether or not they post a genuine or visceral threat to you or your business. As long as you have the correct way of dealing with things, then it doesn’t really matter!
Who Is Impacted?
The new law is an amendment to the Privacy Act and will apply to all entities bound by that act. Namely Federal Government agencies, private sector organisations with an annual turnover above $3 million (and their related companies) and some others. Also, it’s recommended as good practice for smaller private sector organisations who handle a lot of personal data.
Case-Study: Cyber-Liability Claims
(Courtesy: John Shelley- Cunningham Lindsey Cyber Claims Manager-Emergence Insurance Claims Webinar)
A regional Queensland boat dealer suffered a ransomware attack which was “a new breed” of encryption not previously seen. With IT assistance, files were restored from back-ups, no ransom was paid and there was no business interruption because the dealer was operational again within 24 hours.
An accountancy firm was hacked after a patch was not installed and 10,000 records were affected. The insured did not know the personal information was stored on its website. Notification to the Office of the Australian Information Commissioner (OAIC) and affected clients were required under the NDB scheme. A large advisory firm’s phones were hacked (phreaking) via decoding a simple password and expensive international calls made. The Emergence policy covered the additional phone costs and IT experts to install better firewalls.
Josh said lessons learned from the claims examples included:
• Back up files daily
• Install all software updates and patches
• Use complex passwords.
What Should You Do Next?
Fortunately, while you can never 100 per cent guarantee your Cyber Security won’t be breached, you can insure against the costs that often arise in such a situation. A Cyber Liability Insurance policy can cover you for expenses incurred by a cyber attack on your business. Whether you run a general enterprise or a niche service like pool business insurance, tailored cyber coverage is critical.
For more information, contact us to arrange a quote today.
Blogs Related to Business Insurance for Startups
