Many businesses think their business is too small to attract cyber criminals. Yet, when it comes to cyber theft, size doesn’t matter. Hackers are on the lookout for businesses of any size with valuable customer data they can steal and sell on the black market. Businesses are increasingly vulnerable to cyber-attacks.
Consider some of the most high-profile cyber attacks in recent times that targeted major brands. In the case of eBay, hackers managed to steal the personal records of 233 million users. The hack saw usernames, passwords, phone numbers and physical addresses compromised. Fortunately, financial information was stored separately and not stolen, but this still left eBay users vulnerable to identity theft and put eBay’s reputation at risk.
In another high-profile case, hacking group Rex Mundi held Domino’s Pizza to ransom over 600,000 Belgian and French customer records, demanding $40,000 in exchange for the customers’ personal data, including names, addresses, emails, phone numbers and even their favourite pizza toppings.
And of course there was the Ashley Madison breach, in which 30 million users worldwide had their personal details stolen and then published online.
All big businesses are obvious targets of hackers and cyber criminals, right? After all, they have big pockets to pay ransom demands. But in fact small business is just as vulnerable to cyber crime, with almost 30% of Australian businesses experiencing a cyber attack of some form, costing the economy billions of dollars, and that number is rising.
So why are hackers interested in small business? To start, small business websites are often used as “watering holes” or loopholes to break down the security of other businesses (i.e. to get into the systems of other businesses). They are also an easy target for sophisticated hackers, as they often don’t have the security systems in place to prevent an attack, making them a target for their customer data, intellectual property and bank account information.
Take, for example, the small recruitment firm which, over a three-year period, experienced three separate instances where their systems were breached. Bank account and driver’s licence details of 500 on-hired contractors were stolen.
Or the accounting firm which had their server and client records locked by ransomware, with hackers demanding $55,000. In fact, in Australia alone, ransomware demands cost small businesses an estimated $5 million per year.
But cyber risk is not just about hackers. It also covers staff who accidentally make confidential information public, insider theft, and the theft or loss of a device. Consider the sports drug testing consultant who left his laptop at a sports ground. He was able to claim $70,000 for business interruption, notification costs and defence costs for the breach of privacy.
This is why cyber insurance should be an important part of your risk management plan, as it provides protection against the expense and legal costs associated with data breaches. Having cyber insurance can help mitigate a number of ways a business can be impacted financially:
- Brand reputation – this is likely to be one of your most important assets, so you will need to protect it and potentially repair any damage.
- Interruption to business – this could include temporary downtime while the issue is investigated, lost income due to system downtime and potential loss of sales.
Having a Cyber Insurance policy can provide you cover for the following costs:
- Compensation claims
- Fines & Penalties (Associated with the new Privacy Act)
- Credit Monitoring
- Cyber Extortion
- Data Restoration
- System Repair
- Public Relations
- Business Interruption
The recruitment firm claimed around $200,000 for forensic and legal costs, costs associated with notifying the parties concerned, and credit monitoring services. And the accounting firm claimed $155,000 for loss of income, a professional to handle the ransom, network restoration costs, notification costs and credit monitoring services.
Cyber insurance is available for first- and third-party losses, which in plain language means that if your business has customer or vendor relationships and processes customer-sensitive (non-public) information, you need it.
Isn’t my other insurance cover enough?
Take time to review your current policies—especially the exclusions—and you’ll likely find that your other business cover won’t respond to a cyber or data breach claim. And the last thing you want to do is handle a cyber attack or data breach alone. Cyber insurance will also provide coverage for regulatory defence, penalties and fines.
Isn’t cover pricey?
Like most insurance, premiums vary by insurer, the type of cover selected and your risk profile. A policy with $100,000 cover could cost as little as $350 per annum.
Whilst the ability to market your business online is getting easier (and less expensive), the threat of cyber incidents means all businesses need a security plan to protect their business, and they should consider a Cyber Insurance policy an essential part of this plan.