Australian businesses have become a target for cyber criminals, but there are simple ways to protect your business against an attack. BizCover managing director Michael Gottlieb explains. Cyber crime is one of the fastest growing types of crime in the world, claiming more than one million victims a day. And there’s a good chance your business has already been one of them! According to computer security company Symantec, one in five Australian businesses were attacked last year, of which half were small and medium enterprises. Cyber crime isn’t just illegally downloading movies and music or stealing a mobile phone. It can be far more destructive. For example, distributing viruses, stealing company secrets and swiping customer information like names, addresses, medical records, bank account details and credit card information top the list for cyber criminals. Of course, the most common motivation behind a cyber attack is financial with businesses that keep an electronic record of client information, bank online or allow customers to pay by credit card being especially vulnerable, but cyber criminals can be motivated by other reasons too, including extortion, activism and revenge.And it’s not just big corporations at risk – any business that has a website or uses the internet (which, according to the Australian Bureau of Statistics, is 92 per cent of Australian businesses) is at risk. The biggest data theft in Australia involved 46 service stations, 33,000 stolen credit card details and $30 million in illegal transactions. The data stolen was used to make fake credit cards which were then used in transactions in the US, Europe, Hong Kong and Korea.Sixteen hackers located all over the world (including Australia) were arrested in 2012 over the theft, including Romanian wrestling champion Gheorghe “The Carpathian Bear” Ignat. The fit, muscular Ignat was hardly what you’d expect a hacker to look like, but authorities say organised-crime cyber gangs are getting harder to identify and more sophisticated.That’s why from March 12, new privacy legislation will shift the onus of protecting business data on to business owners, making them responsible for any data breaches. Your business will be liable with companies facing fines up to $1.7 million, even if you outsource your IT to a third party, your office is broken into and your computers are stolen, or a disgruntled former employee accesses files without authorisation. Under the Privacy Amendment (Enhancing Privacy Protection) Act, strict rules will govern how companies can collect, maintain, distribute and destroy personal information. Further reforms are expected to be passed by the Senate later this year, which propose that businesses and government agencies must notify customers of serious data breaches in relation to personal, credit reporting or tax file number information. The introduction of mandatory data breach notification law will ensure that if there is a breach, consumers are aware and can then take remedial action. The Privacy Amendments (Privacy Alerts) Bill 2013 will also force companies to tighten their data security. Even though cyber insurance has been available for around ten years and is one way businesses can better manage the risks related to a data breach, and also limit the significant costs that result from them, the take up in Australia has been poor to date, with less than 1 per cent of Australian businesses covered. This is in stark contrast to countries like the US where mandatory data breach notification laws have been in place for some time, resulting in 25 per cent of listed companies purchasing cyber insurance in the same way they buy protection against fire, flood and theft. The poor take up of cyber insurance in Australia is startling, especially when you consider the fact globally the cost of cyber-crime is estimated to be $388 billion annually, and the average cost of a data breach reported by an Australian company jumped 23 per cent to $2.72 million in 2012. This is the equivalent of $141 per lost or stolen record, according to the 2013 Ponemon Institute/Symantec Cost of Data Breach Study. The study also found that 43 per cent of local data breaches were caused by malicious criminal attacks; 33 per cent were due to mistakes by staff or third parties such as cloud providers and business partners; and 24 per cent involved system failures. In addition to hefty penalties and recovery costs that can apply after a cyber crime, a business also faces a loss of productivity and income, damage to corporate brands and customer trust, and exposure to legal action. Given all of these costs, cyber insurance can provide peace of mind for as little as $42 per month. If a data breach occurs, insurance can not only cover civil penalties and fines but also forensic investigation costs, legal fees, damages, and compensation for lost or reduced revenue due to business disruption. Policies may also cover the cost to repair, replace and improve computer systems and security, and hire a public relations consultant to restore any brand or reputation damage. But, of course, not all policies are the same. There are many different types and levels of cover, and because cyber insurance is still relatively new in Australia, it’s important you research and compare policies to ensure you get adequate cover.

Cyber Liability insurance has been available since at least the year 2000, however many small businesses in Australia are not taking advantage of the protections a policy can provide. According to one survey, just 40% of businesses1 have any sort of cover in place.

Cybercrime is no longer just a “big business” problem. In fact, small and medium-sized enterprises are now some of the most frequent targets of cyberattacks in Australia. From phishing emails to ransomware and fake invoice scams, even a single incident can cost a small business tens of thousands of dollars. In some cases, it can even threaten the survival of the business.

Hacks, viruses, ransomware, or even clicking on the wrong link could bring a small business to its knees. During the 2021-22 financial year, the Australian Cyber Security Centre received 76,000 cybercrime reports—or one every 7 minutes.1 And these incidents aren’t cheap. The average cost per cybercrime was over $39,000 for small businesses.1

The costs of cyberattacks on small businesses in Australia are gradually rising. According to the Australian Signals Directorate’s (ASD) latest Cyber Threat Report, the average cost of cybercrime per incident is costing Aussie small businesses $49,600.