Debunking Cyber Security Myths for SMEs, Part 1

SMEs face unique challenges in the cyber realm. Unfortunately, misinformation doesn’t help and can often hinder SMEs from understanding the importance of Cyber Liability. That’s why we’ve debunked three widespread myths and offered insights to set the record straight.

“My business is too small to be hacked.”

Many SMEs don’t think a cyberattack could happen to them simply because they are small.

It’s not surprising that so many SMEs think this way. Cyberattacks on large corporations, hospitals, and government agencies dominate news coverage. However, small businesses are often easier targets partly because they don’t think they are worth a hacker’s time.

If you’re one of the SMEs who believes they have nothing to fear from a cyberattack, here are some stats that might help change your mind:

A 2020 survey of small and medium businesses conducted by the ACSC found that 62% of respondents experienced a cyber incident¹, and a 2021 survey by Cisco showed similar results (65% of Australian respondents)².
150,000 to 200,000 small office/home office routers in Australia are vulnerable to compromise³.

The bottom line: Cyber Liability isn’t just for big businesses. As attacks on SMEs continue to rise due to their vulnerability and lack of protection, it may be more important than ever for you to protect yourself against the financial fallout of hacks, breaches, and data loss.

“I don’t have information worth stealing.”

Some SMEs may think their business isn’t worth targeting. What could cybercriminals want from a tradie, retail shop, or hairdresser?

Regardless of the industry you work in, virtually all SMEs have information that cybercriminals could want, such as Personal Identifying Information (like full names, dates of birth, and other details that can be used to steal someone’s identity), payment info (credit card numbers, bank account details, etc.) or trade secrets (intellectual property that belong to you, your partners or suppliers).

However, stealing data isn’t the only end game when targeting SMEs. Small businesses like yours may be more likely to experience attacks like:

Phishing – Picture this: You receive an email or SMS that appears to be from a trusted source, like your bank or a supplier. You’re asked to take an action, like verify your login details or transfer payment to a new account. Only to discover later the message is from a cybercriminal, and you’ve unknowingly compromised your accounts or paid the wrong person.
Business Email Compromise – Cybercriminals may try to access your business email to target your suppliers and partners for fraudulent payments. This can happen through phishing or malware, like keystroke loggers.
Ransomware – A type of malware, ransomware is designed to lock a victim’s system unless they pay a ransom to regain access. Cybercriminals know that many SMEs will pay almost anything to get their business back up and running. Unfortunately, paying the ransom doesn’t always guarantee your system or data will be restored.

The bottom line: Stolen data is just the tip of the iceberg when it comes to cyberattacks. You may think you don’t have enough data for hackers to care about, but it doesn’t mean you’re safe. Fraudulent payment requests and shutting down operations via ransomware can do just as much, if not more, damage.

“Cyberattacks aren’t a big deal.”

By now, you might be thinking, “So what if I am a potential target for cybercriminals? How much damage could a cyberattack possibly do to my business?”

If your business is covered by the Privacy Act 1988, you must notify affected customers and the OAIC. You may face steep fines for failing to comply with this legislation and suffer a blow to your professional reputation.

Business interruptions caused by cyberattacks can be devastating regardless of whether a small business is subject to privacy legislation. Ransomware can be used to hold your system hostage until you pay a ransom to regain access. This could translate to thousands in lost revenue while your system remains locked.

The bottom line: Cyber Liability insurance can be a powerful tool to help SMEs like yours get back to business as usual as quickly as possible. Policies typically cover the expense of notifying customers of a breach, related fines and penalties, and business interruption costs. It may also cover crisis management costs to help you recover your business’ reputation.

With BizCover, you can navigate cyber threats with ease

Cyberattacks can strike at any time, but that doesn’t mean your small business needs to be vulnerable. Compare Cyber Liability Insurance options on our platform today, and ensure your business remains resilient in the face of cyber challenges.

ACSC, Cyber Security and Australian Small Businesses, 2020
Cisco, Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense, Sep 2021
ACSC, Annual Cyber Threat Report, July 2021 to June 2022

This information is general only and does not take into account your objectives, financial situation or needs. It should not be relied upon as advice. As with any insurance, cover will be subject to the terms, conditions and exclusions contained in the policy wording.
© 2023 BizCover Pty Limited, all rights reserved. ABN 68 127 707 975; AFSL 501769