Posted on: October 7, 2019
Do small businesses have cyber risk?
Some of the scariest cyber attack headlines have been around large, well known companies. Think Yahoo in 2013, an attack which compromised three billion user accounts, or Marriott International in 2018 announcing that cyber thieves had stolen data on 500 million customers. Even this year in Australia, 20 years of persona data was stolen from Australian National University, start up superstar Canva exposed 139 million user details and even Instagram was hit by two privacy breaches in a week, resulting in 50 million users personal details being shared.
Cyber risk and small business
Australians are reporting incidents of cybercrime about every 10 minutes (more than 13,500 reports since July), according to the Australian Cyber Security Centre.
With this increase, there needs to be a corresponding increase in cyber security, particularly for small businesses. According to a 2019 report, cyber criminals have shifted their focus, targeting more small businesses, resulting in a 424% increase in breaches from 2017.
What can you do to protect your small business from cyber risk?
Cyber security is all about protecting your technology, information and data (especially data related to privacy) from accidental or illicit access, corruption, theft or damage. But the good news is that there are many things you can do to help manage your risks.
3 steps to protect your small business from cyber risk
- Awareness – According to Chubb’s 2019 Cyber Risk Survey, only 31% of employees get annual training on cyber security. Don’t take for granted that your team knows how to spot a phishing scam or knows not to open attachments unless they are really sure it’s legit (especially when they can appear to come from someone they know but perhaps the email address is a bit off). Make cyber education a priority in your business – start at induction but ensure it’s also part of your ongoing agenda.
- Maintenance – This is the seemingly simple stuff but is often where businesses get tripped up – maintaining good password hygiene (not using the same password for everything, enabling two factor authentication where possible, not sharing passwords) and also ensuring up to date antivirus and regular file and email back ups. .
- Test and protect – One really strong step your business can take is to hire an expert firm (sometimes known as an ethical hacker) to actually test your cyber security, and help you identify gaps. Of course none of these steps is foolproof, as cyber risk evolves quickly, so that’s where your insurance safety net plays its part to protect your business.
Do I need cyber insurance?
Cyber liability insurance is basically the safety net as incidents can and do happen even if you follow all of the steps above. Cyber insurance (according to Chubb) is designed to cover:
- Business interruption loss due to a network security failure or attack, human erros or programming errors
- Data loss and restoration including decontamination and recovery
- Incident response and investigation costs, supported by a 24/7 multilingual incident reporting hotline and on-demand vendors
- Delay, disruption, and acceleration costs from a business interruption event
- Crisis communications and reputational mitigation expenses
- Liability arising from failure to maintain confidentiality of data
- Liability arising from unauthorised use of your network
- Network or data extortion / blackmail (where insurable)
- Online media liability
- Regulatory investigations expenses
We can talk to you about what kind of cyber insurance solution might be right for your business – contact us or give us a call on (08) 8582 1277 for a free, no obligation chat and quotation.
General advice warning
The information above may be regarded as general advice. That is, your personal objectives, needs or financial situations were not taken into account when preparing this information.
Accordingly, you should consider the appropriateness of any general advice we have given you, having regard to your own objectives, financial situation and needs before acting on it. Where the information relates to a particular financial product, you should obtain and consider the relevant product disclosure statement before making any decision to purchase that financial product.