Cyber security is a top risk management concern for Australian businesses, with eight in 10 organisations hit by ransomware. And research shows small businesses are likely to have poor security practices due to common misconceptions about the threat.
It is such a hot issue that the Federal Government appointed the first Minister for Cyber Security in a G20 country last June – Claire O’Neil has the role. The government is also investing $1.67 billion until 2030 as part of its current Cyber Security Strategy.
But small businesses will still need to do their bit in identifying and dealing with cyber risks in their quarters. Start by adopting these ‘quick wins’ for small businesses, including for your portable devices, website, end-of-support, and password manager.
Start by checking your assumptions about your insurance coverage for cyberattacks. We outline the top four myths below.
Myth #1: Cyber coverage is just for business technology
Cyber insurance covers ‘network and privacy liability’, so it’s not just about the data stored on your company computers. Cyber security policies typically cover costs associated with the following:
- Data breaches including theft or loss of client information
- Network security breaches
- Business interruption
- Forensic investigation into the cause or scope of a breach
- Data recovery
- Cyber extortion
- Crisis management
- Loss and legal costs, including fines and penalties resulting from a third party claim for data or network security breach against your company
Myth #2: My general liability policy will protect my company.
General liability cover relates to third-party claims for bodily injury or property damage due to your company’s negligence. It generally won’t cover a third party’s financial loss.
Myth #3: Cyber insurance is unnecessary. We invest in IT security…
IT security won’t protect you from all risks of hacking or human error – the risk exposure remains. And hackers are one step ahead, even using the artificial intelligence app, ChatGPT, to write malicious code.
More galling is that last year it took an average of nine months to identify and contain a cyber breach, according to IBM. Their report found the average data breach cost for any sized Australian company from their sample was $2.92 million in 2022. This makes our nation the 11th highest of 17 countries surveyed for cyber breaches. As for small businesses, the average cost of a cyber strike is about $10,000, according to the Australian Small Business and Family Enterprise Ombudsman.
If the worst happens and a hacker gets in, or a rogue staff member lets you down, what next? Companies that don’t take proper care of customer data face increasing penalties under the Privacy Act. Find out more about this issue from Coulter Legal.
Myth #4: We don’t collect personal data, so cyber insurance isn’t for us
Think again. Ransomware can enter your business through funds transfer fraud, business interruption and system damage. It involves and can jeopordise sensitive data your company might collect. Other examples include:
- Business-critical activities
- Electronic banking involving payment redirection as well as false billing scams
- Employees’ personal data
- Compromising emails
- Intellectual property, and
- Mobile phone ransomware attacks.
Your guide by the side
Research from RMIT University suggests that small business characteristics, such as agility, large cohort size, and piecemeal IT architecture, could allow for increased cyber security. The study points to small businesses forming alliances and the open-source code community helping the sector build its defences against attacks.
Part of your defence involves best-fit insurance, and we’re here to demystify the fine print about your best option. Reach out to make sure you have a comprehensive cyber insurance policy in place for your business.
It’s usually a stand-alone policy that fills the gaps in your other coverages. Cyber insurance offers breadth and depth, including access to incident response expertise, and we’ll draw on our experience to fast-track your claims.