Hacks, viruses, ransomware, or even clicking on the wrong link could bring a small business to its knees. During the 2021-22 financial year, the Australian Cyber Security Centre received 76,000 cybercrime reports—or one every 7 minutes.1 And these incidents aren’t cheap. The average cost per cybercrime was over $39,000 for small businesses.1

Misinformation is everywhere, especially regarding cyber security. This can cause SMEs to hesitate when it comes to shielding their business. Unravelling these myths is key to ensuring they understand the importance of Cyber Liability protection. That’s why we’re taking on three more common cyber security myths, offering clarity and truth in place of confusion.

Cyber Liability insurance has been available since at least the year 2000, however many small businesses in Australia are not taking advantage of the protections a policy can provide. According to one survey, just 40% of businesses1 have any sort of cover in place.

It may have taken some time for the reality to hit, but the wider public is now starting to realise that hackers aren’t just fictional brooding movie villains – they’re real people doing real damage across the globe, particularly in Australia and especially to small businesses.

Whether you’re a tradie in Toowoomba or a barista in Bunbury, Cyber Liability insurance is something every Aussie small business might want to think about.

The beauty industry might seem a million miles away from data breaches and cyberattacks. But the ugly truth is that your salon may be more at risk than you think.

Australian businesses have become a target for cyber criminals, but there are simple ways to protect your business against an attack. BizCover managing director Michael Gottlieb explains. Cyber crime is one of the fastest growing types of crime in the world, claiming more than one million victims a day. And there’s a good chance your business has already been one of them! According to computer security company Symantec, one in five Australian businesses were attacked last year, of which half were small and medium enterprises. Cyber crime isn’t just illegally downloading movies and music or stealing a mobile phone. It can be far more destructive. For example, distributing viruses, stealing company secrets and swiping customer information like names, addresses, medical records, bank account details and credit card information top the list for cyber criminals. Of course, the most common motivation behind a cyber attack is financial with businesses that keep an electronic record of client information, bank online or allow customers to pay by credit card being especially vulnerable, but cyber criminals can be motivated by other reasons too, including extortion, activism and revenge.And it’s not just big corporations at risk – any business that has a website or uses the internet (which, according to the Australian Bureau of Statistics, is 92 per cent of Australian businesses) is at risk. The biggest data theft in Australia involved 46 service stations, 33,000 stolen credit card details and $30 million in illegal transactions. The data stolen was used to make fake credit cards which were then used in transactions in the US, Europe, Hong Kong and Korea.Sixteen hackers located all over the world (including Australia) were arrested in 2012 over the theft, including Romanian wrestling champion Gheorghe “The Carpathian Bear” Ignat. The fit, muscular Ignat was hardly what you’d expect a hacker to look like, but authorities say organised-crime cyber gangs are getting harder to identify and more sophisticated.That’s why from March 12, new privacy legislation will shift the onus of protecting business data on to business owners, making them responsible for any data breaches. Your business will be liable with companies facing fines up to $1.7 million, even if you outsource your IT to a third party, your office is broken into and your computers are stolen, or a disgruntled former employee accesses files without authorisation. Under the Privacy Amendment (Enhancing Privacy Protection) Act, strict rules will govern how companies can collect, maintain, distribute and destroy personal information. Further reforms are expected to be passed by the Senate later this year, which propose that businesses and government agencies must notify customers of serious data breaches in relation to personal, credit reporting or tax file number information. The introduction of mandatory data breach notification law will ensure that if there is a breach, consumers are aware and can then take remedial action. The Privacy Amendments (Privacy Alerts) Bill 2013 will also force companies to tighten their data security. Even though cyber insurance has been available for around ten years and is one way businesses can better manage the risks related to a data breach, and also limit the significant costs that result from them, the take up in Australia has been poor to date, with less than 1 per cent of Australian businesses covered. This is in stark contrast to countries like the US where mandatory data breach notification laws have been in place for some time, resulting in 25 per cent of listed companies purchasing cyber insurance in the same way they buy protection against fire, flood and theft. The poor take up of cyber insurance in Australia is startling, especially when you consider the fact globally the cost of cyber-crime is estimated to be $388 billion annually, and the average cost of a data breach reported by an Australian company jumped 23 per cent to $2.72 million in 2012. This is the equivalent of $141 per lost or stolen record, according to the 2013 Ponemon Institute/Symantec Cost of Data Breach Study. The study also found that 43 per cent of local data breaches were caused by malicious criminal attacks; 33 per cent were due to mistakes by staff or third parties such as cloud providers and business partners; and 24 per cent involved system failures. In addition to hefty penalties and recovery costs that can apply after a cyber crime, a business also faces a loss of productivity and income, damage to corporate brands and customer trust, and exposure to legal action. Given all of these costs, cyber insurance can provide peace of mind for as little as $42 per month. If a data breach occurs, insurance can not only cover civil penalties and fines but also forensic investigation costs, legal fees, damages, and compensation for lost or reduced revenue due to business disruption. Policies may also cover the cost to repair, replace and improve computer systems and security, and hire a public relations consultant to restore any brand or reputation damage. But, of course, not all policies are the same. There are many different types and levels of cover, and because cyber insurance is still relatively new in Australia, it’s important you research and compare policies to ensure you get adequate cover.

Cybercriminals are following the money.

As technology continues to advance and the reliance on digital systems grows, so does the threat of cyber-attacks.

Healthcare providers manage sensitive information every day. Patient records, diagnostic details, payment information and clinical notes hold significant value, which makes this sector a frequent target for cyber attacks. According to the Australian Signals Directorate’s latest Annual Cyber Threat Report 2024 to 2025, more than 84,700 cyber crime reports were lodged, equal to one incident every six minutes. Healthcare remains one of the most targeted sectors due to the volume and sensitivity of the information it holds.