Is your business a target for cyber criminals?
Australian businesses have become a target for cyber criminals, but there are simple ways to protect your business against an attack. BizCover managing director Michael Gottlieb explains.
Cyber crime is one of the fastest growing types of crime in the world, claiming more than one million victims a day. And there’s a good chance your business has already been one of them! According to computer security company Symantec, one in five Australian businesses were attacked last year, of which half were small and medium enterprises.
Cyber crime isn’t just illegally downloading movies and music or stealing a mobile phone. It can be far more destructive. For example, distributing viruses, stealing company secrets and swiping customer information like names, addresses, medical records, bank account details and credit card information top the list for cyber criminals.
Of course, the most common motivation behind a cyber attack is financial, with businesses that keep an electronic record of client information, bank online or allow customers to pay by credit card being especially vulnerable. But cyber criminals can be motivated by other reasons too, including extortion, activism and revenge.
And it’s not just big corporations at risk – any business that has a website or uses the internet (which, according to the Australian Bureau of Statistics, is 92 per cent of Australian businesses) is at risk.
The biggest data theft in Australia involved 46 service stations, 33,000 stolen credit card details and $30 million in illegal transactions. The data stolen was used to make fake credit cards, which were then used in transactions in the US, Europe, Hong Kong and Korea. Sixteen hackers located all over the world (including Australia) were arrested in 2012 over the theft, including Romanian wrestling champion Gheorghe “The Carpathian Bear” Ignat.
The fit, muscular Ignat was hardly what you’d expect a hacker to look like, but authorities say organised-crime cyber gangs are getting harder to identify and more sophisticated.
That’s why from March 12, new privacy legislation will shift the onus of protecting business data onto business owners, making them responsible for any data breaches. Your business will be liable, with companies facing fines of up to $1.7 million, even if you outsource your IT to a third party, your office is broken into and your computers are stolen, or a disgruntled former employee accesses files without authorisation.
Under the Privacy Amendment (Enhancing Privacy Protection) Act, strict rules will govern how companies can collect, maintain, distribute and destroy personal information. Further reforms are expected to be passed by the Senate later this year, which propose that businesses and government agencies must notify customers of serious data breaches in relation to personal, credit reporting or tax file number information.
The introduction of mandatory data breach notification law will ensure that if there is a breach, consumers are aware and can then take remedial action. The Privacy Amendment (Privacy Alerts) Bill 2013 will also force companies to tighten their data security.
Cyber insurance has been available for around ten years and is one way businesses can better manage the risks related to a data breach and limit the significant costs that result from one. Even so, the take-up in Australia has been poor to date, with less than 1 per cent of Australian businesses covered. This is in stark contrast to countries like the US, where mandatory data breach notification laws have been in place for some time, resulting in 25 per cent of listed companies purchasing cyber insurance in the same way they buy protection against fire, flood and theft.
The poor take-up of cyber insurance in Australia is startling, especially when you consider the fact that globally the cost of cyber crime is estimated to be $388 billion annually, and the average cost of a data breach reported by an Australian company jumped 23 per cent to $2.72 million in 2012. This is the equivalent of $141 per lost or stolen record, according to the 2013 Ponemon Institute/Symantec Cost of Data Breach Study.
The study also found that 43 per cent of local data breaches were caused by malicious criminal attacks; 33 per cent were due to mistakes by staff or third parties such as cloud providers and business partners; and 24 per cent involved system failures.
In addition to hefty penalties and recovery costs that can apply after a cyber crime, a business also faces a loss of productivity and income, damage to corporate brands and customer trust, and exposure to legal action. Given all of these costs, cyber insurance can provide peace of mind for as little as $42 per month.
If a data breach occurs, insurance can not only cover civil penalties and fines but also forensic investigation costs, legal fees, damages, and compensation for lost or reduced revenue due to business disruption. Policies may also cover the cost to repair, replace and improve computer systems and security, and to hire a public relations consultant to restore any brand or reputation damage.
But, of course, not all policies are the same. There are many different types and levels of cover, and because cyber insurance is still relatively new in Australia, it’s important you research and compare policies to ensure you get adequate cover.