Cyber risks keep increasing, how good is your preparation?
It seems everywhere you turn people are talking about the dangers posed by online criminals. From an insurance perspective, you may have heard of cyber liability insurance. I wanted to provide you more background to further remind business owners it really can happen to you - just think how many spam emails you get - and that cyber insurance products provide much more support than just money. Recent newspaper headlines of a property transaction intercepted by hackers - with $250,000 stolen - make for unsettling reading. In the small business world, it should be setting off alarm bells, as the theft took place allegedly whilst under the conveyancers' management. In all of our lives, more frequent and sophisticated cyber scams remind us constantly to heighten our vigilance. In small business, cybercrime is also on the rise, and they are often easy targets with lax security. Cyber criminals continue to have success, with statistics from the global Verizon Data Breach Investigation Report (DBIR), compiled after Verizon investigated more than 50,000 claims, show hacking was involved in 48% of breaches and malicious software in 30% of breaches. Errors caused 17% of breaches and 12% were from company insiders. Ransomware made up 39% of claims. Cyber criminals commonly use a mixture of methods, for example, phishing (disguising as a trustworthy entity) to obtain access to insert malware, with 15% of staff still clicking on phishing emails. For small businesses, complacency can be the enemy, with many businesses not able to imagine how cyber security might affect them. The complexity of the risk often leads to brushing it over, only thinking that losing data or files is the biggest risk. That in itself is enough, but loss of client data, financial information, theft, inability to trade and loss of reputation and trust are events that can have devastating consequences for small business. These risks are as real and serious as a physical break-in. Prevention is better than a cure, with the cost of cyber event remediation likely to increase markedly now that Australia's notifiable data breaches (NDB) scheme is in place. A few recent case studies are worthy reminders of the reality of cybercrime and benefits insurance can provide:
- A regional Queensland boat dealer suffered a ransomware attack which was "a new breed" of encryption not previously seen. With IT assistance, files were restored from back-ups, no ransom was paid, and there was no business interruption because the dealer was operational again within 24 hours.
- An accountancy firm was hacked after a patch was not installed and 10,000 records were affected. The insured did not know personal information was stored in its website. Notification to the Office of the Australian Information Commissioner (OAIC) and affected clients was required under the NDB scheme and costs covered by insurance.
- A large advisory firm's phones were hacked (phreaking) via decoding a simple password and expensive international calls made. The Cyber Insurance policy covered the additional phone costs and IT experts to install better firewalls.
All small businesses should have at least a basic plan in place. The Australian Government provides a good starting point - https://www.business.gov.au/risk-management/cyber-security/keep-your-business-safe-from-cyber-threats What most organisations don't realise is that most Cyber Insurance policies give 24/7/365 access to an incident response team of experts who understand the importance of immediately mitigating potential threats to businesses. Insurers can also manage reporting data breaches to OAIC, subsequent regulatory investigations, and costs associated with communicating data breaches to affected individuals. A cyber insurance policy should be part of every successful business's risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when it's IT security, policies and procedures fail to stop an attack. A well-negotiated Cyber Insurance Protection package, typically starts from only around $1,000, giving clients financial support and incident response expertise to recover from adverse events, including ransomware attacks, point-of-sale intrusions, denial-of-service attacks and cyber espionage. For further information and a quote for your business contact Byron McPherson at CPRS Insurance on 0488 080 065 or email email@example.com. Note: Information provided by Byron McPherson CPRS Insurance in this article is for general informational purposes only, and is not a substitute for professional advice. All information contained in the blog is provided in good faith, however, we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability or completeness of any information provided in this site.