Posted on: August 24, 2023
Cyber Resilience: Are You There Yet? Check Our Guide
The frequency and complexity of cyber hacks are rising. And it’s not just financial services at risk: one in five Australian businesses overall experienced a cyber breach in 2021-22. Such a breach costs small businesses $39,000 on average, says the Australian Cyber Security Centre.
Can our nation be the most cyber secure in the world? The Federal Government is pinning its hopes on its 2023-2030 Australian Cyber Security Strategy, which is expected to be finalised any day now. It went out for public consultation between December and mid-April.
Lawyers Herbert Smith Freehills spell out the discussion paper’s main themes. The strategy aims to reduce complexity, ban ransom payments, increase regulatory intervention, enforce directors’ duties, share threat intelligence, and tighten security for critical infrastructure.
But a government strategy and big stick are only part of the picture. A whole-of-nation effort is needed. Federal Cyber Security Minister Claire O’Neil wants businesses and government to work together for the best outcome.
Awareness, training & action
Research shows small-to-medium-sized businesses falsely believe they have nothing of value for cyberhackers. But that stance ignores that SMEs are part of a digital ecosystem. Think of all the links your business has in its supply chain, including to government agencies.
According to the University of NSW, small businesses face these biggest cyber security threats:
- Remote vulnerabilities, as more work is done online and possibly remotely
- Lack of defence measures, such as up-to-date security software (anti-virus, anti-spam, and anti-spyware protection)
- Spear phishing targets an employee and takes over their account to access financials and other sensitive data. Staff training, encryption, authentication, secure passwords, and backups can help protect against this attack
- Ransomware is more difficult to handle for small businesses; having external IT expertise is essential
- Hackers use malware to steal sensitive data, which can lead to identity theft, fraud, and business interruptions. A business continuity plan, including regular information backups, is useful.
The ACSC is a great place to start with awareness raising. Be sure to engage every employee in your business on cyber resilience and run refresher training. Cover threat types, criminals’ techniques, and how your staff can protect themselves.
Human error is the biggest threat to cyber resilience, says this global report from Thales that included a survey of Australian businesses. So, help your staff learn the basics about cyber security and build from that. There’s also this free cyber security toolkit from the Australian Cyber Collaboration Centre for small businesses.
Having the right protections and controls
Your goal is cyber resilience. This covers methods for safeguarding businesses and their digital systems from cyber-attacks. Ensure your business covers cyber security, risk assessment, incident response, and business continuity.
Cyber insurance includes access to an expert or response app to help manage a cyber breach as soon as it’s detected in your business. This policy typically protects you for:
- First-party cover, for financial losses suffered due to a cyber breach, and
- Third-party losses due to a cyber incident that occurred at your business.
You can opt into cover for media liability, technology error, and omissions. We can also tailor the policy to your business and industry’s needs.