Cyber crime and your business – building your Game Plan
When it comes to cyber crime, all businesses are fair game. Large organisations aren’t the only victims of cyber crime – small-to-medium businesses are also fair game to hackers and spammers who can create a trail of destruction for business and customers. The right risk management Game Plan can ensure you’re prepared and resilient for all that comes your way, so you can focus on what matters most – building a stronger future for your business.
What you should know
Cyber criminals aren’t fussy about where their revenue comes from – they target businesses of all types and sizes. However, small-to-medium businesses are particularly vulnerable to cyber attacks, as they often have limited resources to dedicate to cyber security.
Fewer resources can leave businesses unprepared to adequately mitigate and manage cyber breaches or attacks.
Incidents of cyber crime are astonishingly frequent in Australia, and the damage and loss that occurs as a result is staggering:
- $300 million total estimated annual loss to cyber crime in Australia over a year1
- 1 cyber crime is reported every 10 minutes in Australia2
- 1,100 cyber security incidents were responded to by the Australian Cyber Security Centre (ACSC) in the 2021/22 financial year, equating to about 21 incidents per week3
- 43% of cyber attacks target small-to-medium-sized businesses3
- 81% increase in cyber attacks in 2021/22, compared to the previous financial year4.
The rules may change
Pressure is increasing for smaller enterprises to be held responsible for protecting customer information5. In February 2023, the Australian Government announced an overhaul of privacy legislation, removing previous exemptions for small-to-medium enterprises with less than $3 million in turnover6. The change is likely to result in these businesses being subject to the notification requirements of the Notifiable Data Breaches Scheme following a privacy breach. Small businesses will need to consider adequate resourcing in order to comply.
What could a cybersecurity incident cost your business?
The cost of cyber attack on your own business will vary depending on the nature, size and complexity of your operation, but can also be arguably significant. Expenses can include remediation and recovery costs, legal fees, loss of productivity, and even public relations support to manage reputational damage and loss of customer trust, which can be more challenging to quantify but can have a significant impact on the long-term success of the business.
Your costs could also be significantly higher if sensitive data, such as financial or personal information, is stolen or lost, leading to regulatory fines or legal action from affected parties.
Preparedness isn’t just for large organisations
It’s important to consider proactive and preventative measures to secure your IT systems, educate staff, and develop an incident response plan to minimise the likelihood of an attack and mitigate the impact if one does occur. Technologies are becoming more sophisticated with the recent expansion into the realm of artificial intelligence (AI).
It can be difficult to stay on top of everything, which is why it’s important to build insurance into your business risk management strategy.
Cybersecurity insurance isn’t just for big companies. It can help support smaller businesses too by providing financial support to recover from and remediate loss or damages.
It can include:
- Immediate 24/7 access to incident response service following an actual or suspected cyber event, for support at any time
- Reimbursement of ransom payments (where it’s legal for insurers to pay a ransom) as well as access to specialist ransom negotiators
- Financial assistance to recover loss of profit related to business interruption
- Costs to repair and restore IT systems and data
- Assistance in notifying impacted third parties following a privacy breach, as well as complying with government reporting requirements.
References
[1] ACSC Small Business Survey Report (cyber.gov.au)
[2] ACSC Small Business Survey Report (cyber.gov.au)
[3] ACSC Annual Cyber Threat Report, July 2021 to June 2022 (cyber.gov.au)
[4] The Latest Cyber Crime Statistics (updated May 2023) | AAG IT Support (aag-it.com)
[5] Attorney-General's data report calls to end SME exemptions (smartcompany.com.au)
[6] Privacy Act Review Report | Attorney-General's Department (ag.gov.au)
This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances.
Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238 983) (“Marsh”) and Marsh Advantage Insurance Pty Ltd (ABN 31 081 358 303, AFSL 238 369) (“MAI”) arrange the general insurance (i.e. not the Discretionary Trust Arrangement) and are not the insurer.
Discretionary Trust Arrangements are issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417 964) (“JGS”). Any advice or dealing in relation to a Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226 827) (“JLT”). The cover provided by a Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions.
For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements (PDSs) available from the relevant product issuer. Target Market Determinations (TMDs) are available here.
Marsh, MAI, JGS and JLT are all businesses of the Marsh group.
LCPA 23/259