It seems everywhere you turn people are talking about the dangers posed by online criminals. From an insurance perspective, you may have heard of cyber liability insurance.
I wanted to provide you more background to further remind business owners it really can happen to you – just think how many spam emails you get – and that cyber insurance products provide much more support than just money.
Recent newspaper headlines of a property transaction intercepted by hackers – with $250,000 stolen – make for unsettling reading. In the small business world, it should be setting off alarm bells, as the theft took place allegedly whilst under the conveyancers’ management. In all of our lives, more frequent and sophisticated cyber scams remind us constantly to heighten our vigilance. In small business, cybercrime is also on the rise, and they are often easy targets with lax security.
Cyber criminals continue to have success, with statistics from the global Verizon Data Breach Investigation Report (DBIR), compiled after Verizon investigated more than 50,000 claims, show hacking was involved in 48% of breaches and malicious software in 30% of breaches. Errors caused 17% of breaches and 12% were from company insiders. Ransomware made up 39% of claims. Cyber criminals commonly use a mixture of methods, for example, phishing (disguising as a trustworthy entity) to obtain access to insert malware, with 15% of staff still clicking on phishing emails.
For small businesses, complacency can be the enemy, with many businesses not able to imagine how cyber security might affect them. The complexity of the risk often leads to brushing it over, only thinking that losing data or files is the biggest risk.
That in itself is enough, but loss of client data, financial information, theft, inability to trade and loss of reputation and trust are events that can have devastating consequences for small business. These risks are as real and serious as a physical break-in. Prevention is better than a cure, with the cost of cyber event remediation likely to increase markedly now that Australia’s notifiable data breaches (NDB) scheme is in place.
A few recent case studies are worthy reminders of the reality of cybercrime and benefits insurance can provide:
- A regional Queensland boat dealer suffered a ransomware attack which was “a new breed” of encryption not previously seen. With IT assistance, files were restored from back-ups, no ransom was paid, and there was no business interruption because the dealer was operational again within 24 hours.
- An accountancy firm was hacked after a patch was not installed and 10,000 records were affected. The insured did not know personal information was stored in its website. Notification to the Office of the Australian Information Commissioner (OAIC) and affected clients was required under the NDB scheme and costs covered by insurance.
- A large advisory firm’s phones were hacked (phreaking) via decoding a simple password and expensive international calls made. The Cyber Insurance policy covered the additional phone costs and IT experts to install better firewalls.
All small businesses should have at least a basic plan in place. The Australian Government provides a good starting point – https://www.business.gov.au/risk-management/cyber-security/keep-your-business-safe-from-cyber-threats
What most organisations don’t realise is that most Cyber Insurance policies give 24/7/365 access to an incident response team of experts who understand the importance of immediately mitigating potential threats to businesses. Insurers can also manage reporting data breaches to OAIC, subsequent regulatory investigations, and costs associated with communicating data breaches to affected individuals.
A cyber insurance policy should be part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when it’s IT security, policies and procedures fail to stop an attack.
A well-negotiated Cyber Insurance Protection package, typically starts from only around $1,000, giving clients financial support and incident response expertise to recover from adverse events, including ransomware attacks, point-of-sale intrusions, denial-of-service attacks and cyber espionage.
For further information and a quote for your business contact Byron McPherson at CPRS Insurance on 0488 080 065 or email firstname.lastname@example.org.
Note: Information provided by Byron McPherson CPRS Insurance in this article is for general informational purposes only, and is not a substitute for professional advice. All information contained in the blog is provided in good faith, however, we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability or completeness of any information provided in this site.
Cybersecurity is applicable for most businesses. Austbrokers Countrywide share 3 cyber scenarios that have created risk and exposure. If you want to learn more, get in touch with Austbrokers Countrywide.
“I don’t have cyber exposures”
“My business is too small”
“I haven’t got a website”.
These are common responses when contemplating the effect of Cyber Privacy and Crime on a small to medium enterprise. However, these three claims scenarios provided by the largest team of dedicated cyber underwriters, CFC underwriting Pty Ltd (Lloyds of London) may surprise you and demonstrate the types of exposures we all face even as a small business not operating on-line point of sale portals or advice on-line.
Three factual claims scenarios
1. Malware Theft
Hackers sent a phishing e-mail with a bogus word document attachment to a member of the accounts team within a small firm of accountants. Upon opening the attachment, a piece of key logging software was automatically installed which allowed the hackers to gather crucial access data and then log into the firm’s bank portal with the credentials of one of their users.
The insured was contacted by the bank after the hackers had initiated several wire transfers and ACH batches from the insured’s account to accounts located in Nigeria. After checking with the user whose credentials had been used to instruct the transactions, the firm instructed an IT forensics company to establish what had happened and to remove the malware from the system.
After managing to recall some of the wire transfers, the firm were left with $164,000 lost in theft of electronic funds and costs of $15,000 for IT forensics work.
The head GP at a private doctor’s surgery switched on his computer on a Monday morning to be greeted with a message stating that every single patient record on the network had been encrypted and that a sum of $30,000 was to be paid in bitcoin in exchange for the decryption key.
The insured contacted an IT forensics firm who confirmed that the level of encryption meant that it was going to be almost impossible to access the data without the encryption key and that the only other alternative was wiping the network of the ransomware which could lead to all data files being deleted. It had been a week since the last software back up, meaning critical patient data would be lost – and so the ransom was paid. Forensics were then engaged to remove any remaining malware from the network at a cost of $10,000.
3. CEO Fraud
A fraudulent yet almost identical looking e-mail address for the Managing Director of a medium sized building contractor was created by fraudsters who used it to instruct an individual in the accounts department to make a wire transfer payment of $50,000 to a new materials supplier. The e-mail stated that the new supplier was being used to source additional materials for a crucial job and that payment had to be made urgently to secure delivery of the goods.
The e-mail was sent whilst the MD was on holiday so that no face to face verification could be made. The account to which the funds were transferred actually belonged to the fraudsters who were able to retrieve the money before the transaction could be recalled.
Cyber liability insurance policies (also known as “data breach” insurance) and their coverage vary dramatically by insurance carriers. For a business, choosing the right cyber liability insurance policy can be a challenge. Working with a knowledgeable insurance broker who has experience with cyber liability insurance policies can reduce the challenges.
Before you start shopping, though, there are a few things you need to do to get ready:
1) Assess your cyber hygiene
Before applying for cyber liability insurance, your company should have policies and procedures in place that show they are protecting and securing their data as well as enforcing their security and privacy policies. While cyber liability insurance can help businesses mitigate risks, it cannot replace good cyber hygiene.
2) Evaluate your needs and priorities
Has your business assessed its risks for a data breach? Depending on your industry, your risk for a data breach may be considered anywhere from minimal to very high.
Has your business conducted a risk assessment? Evaluate, identify and mitigate any gaps in your privacy and security programs prior to applying for a cyber liability insurance policy. The risk assessment can help you assess your needs for cyber liability policy coverage matched to your business vulnerabilities.
3) Predict your data breach
Once you have assessed your risks, you will want to think of as many possible data breach scenarios as you can that could happen to your business. The purpose of this exercise is to arm you with potential data breach scenarios and prepare you to go on a search, with a knowledgeable insurance broker, for a cyber liability policy that fits your needs. While this may seem like a time-consuming process, it could help ensure that you’re covered in the event one of these scenarios happens. The whole purpose of purchasing cyber liability insurance, after all, is to ensure that you are protected from potential risk.
After these three steps, you are ready to compare different cyber liability insurance policies.
*Disclaimer: Conditions apply for each policy and the information expected from you for a policy to trigger. Coverage may differ based on specific clauses in individual policies. Please ask your broker to explain the additional benefits and exclusions pertaining to your policy. The information provided is general advice only and does not take account of your personal circumstances or needs.
Cyber Security and Your Business
The Australian Cyber Security Centre reports that hackers are not about to give up their attempts to breach cyber security protocols to target businesses within Australia. The money and power available through cyber attacks are just too alluring for those who are willing to risk breaking the law for the love of money.
Cyber attacks are why business owners need to make it a priority to learn more about cyber security. While the Government does its best to partner with industry to stop threats in their tracks, businesses need to be vigilant while online.
Preventative Measures Needed to Shore up Cyber Security
Without preventative measures, a business’s computer system may be vulnerable to those who would like to commit a cyber attack, such as hacking or holding its files for ransom. That’s why businesses must back up files frequently to off-site storage, a separate hard drive, or to the cloud. Make sure that your systems, devices, and account passwords are strong and frequently updated. Even better, confirm that the security system is updated often.
Without adequate cyber security, not only is equipment at risk but also your business finances. Cyber thieves can steal a person’s identity and make off with his or her money. The havoc they wreak with a business’s data and equipment can cause a drop in productivity as well as a lessening of customer trust. In the end, a cyber security failure can lead to a loss of customers.
A Safety Net Needed in Case of Cyber Security Failure
Even the most carefully crafted plans are sometimes not enough when it comes to cyber security. With hackers becoming more proficient by the day, there may come a time when they break into your system. That is why your business should consider cyber security insurance.
Cyber Security Insurance
As a standalone policy, cyber security insurance can help businesses recover from the data loss that results from security breaches. Some cyber security insurance policies even cover other online disasters such as massive outages which cause a major interruption in service.
Cyber Security Insurance for Small Business
Most small businesses think these types of problems will never happen to them. After all, they are only a small business and presume that hackers have more important things to do than to harass a small business.
As countless small business already know, that would be a false assumption. It is not only large businesses that fall victim to hackers’ ploys. Other, more minor players do target small businesses. In fact, research shows that more than 70 percent of cyberattack victims are small businesses. Are you prepared to handle these sorts of attacks?
What Type of Cyber Security Insurance Policy Does a Business Need?
Usually, a business needs some sort of first-party coverage. It will protect a company against losses from events such as:
- Lost opportunities to do business
- Damaged data, software, or other digital assets
- Increased operational costs due to the incident
- Ransom demands for compromised data
- Financial loss from cybertheft
If a company manages a network or system that holds others’ data, the company may want to consider third-party coverage as well. This kind of coverage can protect the company from costs incurred from:
- Employee-caused security breaches
- Lost or stolen customer data
- Notifying all your customers about a security breach
Other types of insurance coverage, depending on the policy, may provide additional compensation. This includes violations of intellectual property rights, damaged reputations, and defamation.
Not all business insurance policies cover every aspect of cyber security. It is up to the company’s manager, then, to read over the policy carefully. Asking an expert insurance broker with experience in cyber security can help you understand the complexities of different policies.
Naturally, this significant responsibility requires that companies find an insurance broker they can trust. For that, Advisr can help. At Advisr, you can find the most qualified insurance brokers for your specific needs. From there, you can connect directly with the insurance broker of your choice.
How to Prepare for a Cyber Attack
Prepare for Cyber Attacks by Forewarning Employees
The adage, ‘forewarned is forearmed’, couldn’t be more appropriate when it comes to a cyber attack.
Experts advise businesses to warn employees and management about the insidious ways hackers try to get to a company’s financial and customer data. Many phishers even use social media posts to gain trust—and therefore access—to a company’s files to steal.
Outsource Cyber Security If You Can’t Afford Your Own Department
Most small- to medium-sized businesses can’t afford a full-time cybersecurity staff, let alone one with cutting-edge expertise. Those businesses should consider outsourcing security to managed services or a cloud service that does have the manpower and expertise to keep a close eye on their security. Those who do are the most successful.
Monitor Employee Activity for Cyber Attacks
Some cyber attacks happen at the hands of employees. Have sensible restrictions in place to guard your sensitive data from unscrupulous employees.
Make It Difficult for Cyber Attacks to Occur
People don’t leave their office doors unlocked—so why would one do the same thing for their computers and routers? Stiffen security with strong passwords, with frequent security system updates, back up data frequently, encrypt data, and use egress filtering to make it difficult for hackers to get into the system. The more precautions taken, the more likely cyber criminals are to choose a more vulnerable victim.
Protect Home and Business with Cyber Attack Insurance
Finally, for complete peace of mind, consider insurance that can protect businesses or individuals from financial loss, should a cyber attack occur. To find an insurance broker you can trust to provide adequate cyber insurance coverage in case you are impacted by a cyber attack, choose someone whose ratings and reviews from other customers just like you show that they’re capable of handling your insurance needs.
For that, look no further than Advisr.com.au. Our rated and reviewed professionals are trustworthy, experienced, knowledgeable—and ready to serve.
How to Protect Your Business from Cyber Risk
Small businesses are just as vulnerable to cyber risk as are the world’s industrial titans. In fact, given today’s globally connected online environment, small businesses face more cyber threats than any other group. Unfortunately, these cyber attacks are on the rise, since they gain more sophistication with every new technological breakthrough.
Individuals and businesses need to take precautions now to minimise the chance of cyber threats. Here are some ways to protect both home and business from the growing threat of cyber risks.
Cyber Risk Protection Checklist
Don’t use the same password for every account. Mix letters and symbols, switching symbols with letters; for example, ‘$#ogun’ instead of ‘Shogun.’ Use inventive spelling. Combine languages. Never use numbers and letters in sequence, such as ‘abcde,’ or ‘54321.’ In a similar vein, don’t use generic words like ‘password’ or ‘passcode’. People who have difficulty remembering passwords can find an app or software tool, called a password manager, that will store passwords securely and generate them as needed.
Strengthen the security system:
Upgrade to a higher level of anti-virus software. Update it frequently to keep it current. Turn off any unnecessary services. Use two-factor authentication whenever possible for social media and other online accounts. The stronger the online security, the better the chance to avert cyber risk.
Have a backup system:
Consider cloud storage, an off-site service, or even a portable hard drive to back up files. Back up the files frequently to ensure less lost data in case of a breach.
Use patches to update your security system:
It doesn’t take much for a hacker to discover a vulnerability. Run security scans often to reduce the risk of cybercrime. Whenever a new patch comes in, update the system as soon as possible.
Use egress filtering:
Egress filtering keeps unauthorised, sensitive data and malicious software—should a device become infected—from leaving the home or business network.
Make sure that family members and employees are informed and proactive about security. Educate them about phishing and other scams that look like legitimate emails and phone calls, yet are actually ploys scammers use to get security credentials and other personal and corporate data. Don’t leave lists of passwords, documents with sensitive data, or credit cards lying around.
Even if a hacker doesn’t know a device’s sign-on password, they can break into its files with a thumb drive and a little know-how. Protect all of the device’s files from this insidious cyber risk with encryption software.
If something does go wrong, consult an information technology (IT) professional. Dealing with ransomware and viruses isn’t a DIY project. Consult an expert.
Get cyber insurance:
Protect both home and business from all types of cyber risk with an insurance policy tailored to their needs. Cyber liability insurance, too, may be a good idea, particularly if the business deals with its customers’ sensitive data.
Reduce Your Risk of Cyber Threats with the Right Policy
Find a trustworthy insurance broker that’s knowledgeable about cyber risk and how to best protect both home and business from dangers online. Find a trusted, experienced insurance broker on Advisr today.
Cyber insurance in Australia is a necessary purchase these days, with news of even more businesses getting hacked on a daily basis. When a business buys a computer or mobile device, the goal is to make life easier. That’s why it makes sense to insure that device and the data it contains with cyber insurance.
As Internet technology and usage grows even more across the country, so will the need for cyber insurance. In fact, the Australian Government’s Business.gov.au website reports an even greater need for this protection now more than ever before.
Cybercrime on the Rise in Australia
As Australian businesses depend more on online access for everyday tasks, criminals, unfortunately, have taken notice. Cybercrime has risen to new heights as hackers attempt to steal personal and financial information through security breaches and ransomware.
For that reason, many Australians have opted to purchase cyber insurance. Precautions such as updating and strengthening passwords, updating security software frequently, and buying data backup systems are definitely useful. But these steps may not be enough to fend off the most sophisticated cyber attacks. That’s why cyber insurance has become an essential way to better protect your business against the loss of data, equipment, and software.
Cyber Insurance Protects Against Potential Loss Due to Cybercrime
Investing in cyber insurance will give you peace of mind when it comes to protecting your business. Australian industry experts caution businesses that protecting customer data is well worth the investment. They need to protect themselves from the catastrophic loss that would occur should they lose all their data—or lose the funds in their bank account to a cyberthief.
Companies Should Consider Cyber Insurance
- To cover the costs of customer notification: Since businesses must now notify their customers when a data breach occurs, they need to look at the sheer costs involved in notifying their customers, let alone recover from the loss. Cyber insurance can recoup those costs and help the company get back on its feet.
- To cover financial loss: A loss of data can translate to hours and dollars recovering the information. If the company’s bank accounts also were breached, money may be gone as well. A cyber insurance policy can protect a company against such profound losses.
- To cover liability: What happens when a customer suffers such a loss that they feel the need to bring a lawsuit against the company? It pays to have an insurance policy that can cover any damages the Court awards to customers affected by the breach.
Small Businesses, Too, Need Cyber Insurance
Australian small business owners, too, should think long and hard before they overlook the idea of cyber insurance. After all, more than 70 percent of businesses who become victims of cyber theft are small businesses.
The time is now for companies to find the best cyber insurance in Australia for their protection. Do some research to find what type of coverage is necessary and then connect with an insurance broker who is an expert in cyber insurance. With such a broker by your side, you will receive the guidance you need to ensure you have the cyber insurance coverage you need.
Advisr.com.au connects you with insurance brokers you can trust that can handle your specific cyber insurance needs. Find a cyber insurance you can trust on Advisr.com.au today.
Cyber Insurance is a specific type of insurance that provides insurance against the loss caused by malicious cyber activity, commonly called cybercrime. Depending on the breadth of your cyber insurance, some cyber risks maybe covered by your cyber insurance policy, whilst other cyber risks maybe excluded.
Whilst cyber insurance won’t directly protect you against the cybercrime, it can provide an offset against the material business impact that cybercrime may have on your business.
What is Cyber Insurance?
Cyber Insurance offers an offset (insurance) against the financial, business and operational risks that businesses face from cybercrime activities.
A cyber insurance policy is sometimes referred to as cyber risk insurance or cyber liability insurance coverage.
In Australia, about 30% of businesses have experienced a cybercrime incident. Within the US, about one-third of businesses currently purchase Cyber Insurance coverage.
So what is cybercrime?
Cybercrime can take many forms and impact businesses differently. The Australian Cybercrime Online Reporting Network (ACORN) notes that some common types of cybercrime include:
- Online scams and fraud
- Identity theft
- Attacks on computer systems
- Illegal or prohibited online content
Cybercrimes are on the rise in Australia, with over six million Australians being victims of cybercrime in 2017, an increase of 13% from 2016.
Cyber insurance policies can offer protection against many different cyber risks where a business may be exposed. So ensuring that you understand what your specific individual risks might be and how you can reduce your direct exposure to them is critical.
Do standard business packs cover you for cyber insurance?
Some business packs might provide some coverage for cyber insurance, however, Cyber Insurance Brokers that are specialists in cyber insurance should be consulted to gain specific insight and advice that is tailored to you and your business needs. Many insurance brokers will offer to review your current business insurance policies and explore your possible cyber risks to help you understand if your insurance coverage is adequate.
Connect today with an insurance broker who specialises in Cyber Insurance.