Australian businesses have become a target for cyber criminals, but there are simple ways to protect your business against an attack. BizCover managing director Michael Gottlieb explains.
Cyber crime is one of the fastest growing types of crime in the world, claiming more than one million victims a day. And there’s a good chance your business has already been one of them! According to computer security company Symantec, one in five Australian businesses were attacked last year, of which half were small and medium enterprises. Cyber crime isn’t just illegally downloading movies and music or stealing a mobile phone. It can be far more destructive.
For example, distributing viruses, stealing company secrets and swiping customer information like names, addresses, medical records, bank account details and credit card information top the list for cyber criminals. Of course, the most common motivation behind a cyber attack is financial, with businesses that keep an electronic record of client information, bank online or allow customers to pay by credit card being especially vulnerable. But cyber criminals can be motivated by other reasons too, including extortion, activism and revenge.
And it’s not just big corporations at risk – any business that has a website or uses the internet (which, according to the Australian Bureau of Statistics, is 92 per cent of Australian businesses) is at risk.
The biggest data theft in Australia involved 46 service stations, 33,000 stolen credit card details and $30 million in illegal transactions. The data stolen was used to make fake credit cards which were then used in transactions in the US, Europe, Hong Kong and Korea.
Sixteen hackers located all over the world (including Australia) were arrested in 2012 over the theft, including Romanian wrestling champion Gheorghe “The Carpathian Bear” Ignat. The fit, muscular Ignat was hardly what you’d expect a hacker to look like, but authorities say organised-crime cyber gangs are getting harder to identify and more sophisticated.
That’s why from March 12, new privacy legislation will shift the onus of protecting business data on to business owners, making them responsible for any data breaches. Your business will be liable with companies facing fines up to $1.7 million, even if you outsource your IT to a third party, your office is broken into and your computers are stolen, or a disgruntled former employee accesses files without authorisation.
Under the Privacy Amendment (Enhancing Privacy Protection) Act, strict rules will govern how companies can collect, maintain, distribute and destroy personal information. Further reforms are expected to be passed by the Senate later this year, which propose that businesses and government agencies must notify customers of serious data breaches in relation to personal, credit reporting or tax file number information. The introduction of mandatory data breach notification law will ensure that if there is a breach, consumers are aware and can then take remedial action. The Privacy Amendments (Privacy Alerts) Bill 2013 will also force companies to tighten their data security.
Even though cyber insurance has been available for around ten years and is one way businesses can better manage the risks related to a data breach, and also limit the significant costs that result from one, the take-up in Australia has been poor to date, with less than 1 per cent of Australian businesses covered.
This is in stark contrast to countries like the US where mandatory data breach notification laws have been in place for some time, resulting in 25 per cent of listed companies purchasing cyber insurance in the same way they buy protection against fire, flood and theft.
The poor take-up of cyber insurance in Australia is startling, especially when you consider that globally the cost of cyber crime is estimated to be $388 billion annually, and the average cost of a data breach reported by an Australian company jumped 23 per cent to $2.72 million in 2012.
This is the equivalent of $141 per lost or stolen record, according to the 2013 Ponemon Institute/Symantec Cost of Data Breach Study. The study also found that 43 per cent of local data breaches were caused by malicious criminal attacks; 33 per cent were due to mistakes by staff or third parties such as cloud providers and business partners; and 24 per cent involved system failures.
In addition to hefty penalties and recovery costs that can apply after a cyber crime, a business also faces a loss of productivity and income, damage to corporate brands and customer trust, and exposure to legal action.
Given all of these costs, cyber insurance can provide peace of mind for as little as $42 per month. If a data breach occurs, insurance can not only cover civil penalties and fines but also forensic investigation costs, legal fees, damages, and compensation for lost or reduced revenue due to business disruption.
Policies may also cover the cost to repair, replace and improve computer systems and security, and hire a public relations consultant to restore any brand or reputation damage.
But, of course, not all policies are the same. There are many different types and levels of cover, and because cyber insurance is still relatively new in Australia, it’s important you research and compare policies to ensure you get adequate cover.
Seeking advice from a specialist broker could also save you time and money.
Seven years ago cyber crime barely rated a mention in the World Economic Forum’s Global Risk Report, but today it’s ranked as the fifth biggest threat to business behind income disparity, extreme weather, unemployment and climate change.
A recent survey conducted by PricewaterhouseCoopers found 63 per cent of Australian businesses believe the risk of cyber crime has risen in the last 12 months.
It’s no longer a problem that Australian businesses can afford to ignore. Small to medium-sized enterprises are particularly at risk with evidence that criminal gangs are actively targeting them because they’re seen as a soft target with inadequate security. For instance, a medical centre on the Gold Coast and a mechanic in Alice Springs were two recent victims of cyber crime.
Given the majority of organisations don’t even know where to start when it comes to protecting against cyber threats, while criminals are becoming more and more sophisticated in their ability to exploit businesses using the internet, cyber insurance is a simple way to manage risks.
BizCover’s top tips to prevent and manage data breaches:
- Clearly identify confidential client and business information, and train staff and any relevant third parties on how to properly handle this information;
- Restrict the number of people who have access to devices, and ensure that passwords for computers, smart phones and databases are strong and regularly changed;
- Review and test security and risk management measures such as anti-virus software on a regular basis; and
- Review your existing insurance policy to ensure it covers you in the case of a breach and, if not, investigate Cyber Insurance options.