What is Cyber Insurance and why is it important?

Stay cyber savvy by understanding the impact cybercrimes have on Australian small businesses and how to help keep your business cyber-safe.

What is cyber risk?

A cyber risk is any financial loss, disruption to trading, or reputational damage caused by an IT failure, hack, or human error.

Phishing emails, business email compromise (BEC), social engineering, ransomware (a type of cyber extortion), and false billing scam are some of the most common risks you might face as a small business owner.

Just like the real world, the internet is full of risks. That’s why it is important to have some form of protection in place if you trade online or use internet-connected devices to run your business.

Myth buster: Cyberattacks only happen to large businesses

Cybercrime and data breaches are now commonplace threats facing small business. In fact, 43% of cyberattacks in Australia are aimed at small businesses.

If you use a computer, iPad, EFTPOS machine or any digital platform to share or store information, you are a potential target. Cyber criminals and hackers may target commercially sensitive information, your client’s information, intellectual property or banking information regardless of the size of your business.

Take a moment to consider the following:

• How valuable and secure is your data?
• How protective is your IT infrastructure?
• Do you have a response plan if a cyberattack or data breach was to occur?
• Have you tested that plan to make sure it works?
• Are your staff trained to spot a threat?

What are the risks of cybercrime?

Here are some alarming facts about the impact of cybercrime on small businesses in Australia:

• Cybercrime costs the Australian economy $30 billion annually, and yet it still remains one of the least insured areas for small businesses.
• A cyber incident was reported to the Australian Signals Directorate (ASD) every 6 minutes in FY23.
• The ASD also reported a 14% increase in the cost of cyber incidents for businesses—$46,000 per incident for small businesses and $97,000 per incident for medium-sized ones.

Keeping your business cyber secure

The importance of proper cybersecurity hygiene for small businesses cannot be overstated. By taking some simple steps, you could avoid many cyberattacks and keep your business secure. Here are a few you might consider for your small business:

• Learn to spot common threats and scams – Understanding potential dangers can help you recognise and avoid them.
• Keep systems up to date – Automatically update operating systems, software, and apps to install security updates.
• Regularly backup data – Keep backups of important data so systems can be restored with minimal downtime if a breach occurs.
• Use multi-factor authentication (MFA) – MFA helps prevent unauthorised access to systems and data by requiring two or more proofs of identity to grant access (such as a password and code sent to an authenticator app).
• Never share passwords – Do not share accounts or passwords between staff members. Update passwords whenever an employee leaves the company or service providers are changed.
• Be sceptical of emails and messages – Don’t click links or contact details that are emailed or provided over the phone, even if they appear to be from a trusted source. Instead, search for the official website or call an advertised phone number for assistance.
• Conduct regular risk assessments – Evaluate your current cyber security measures and identify new risks as your business grows and changes.

How can Cyber Liability insurance help small businesses?

But what if your business is still attacked, despite your best efforts? You might consider having an insurance safety net in place to help you shoulder the costs.

Cyber Liability insurance* can help protect your business from the financial impact of cyber threats and data breaches. Whilst it’s important to take precautionary measures to protect your business, Cyber Liability insurance could help you deal with many costs and expenses associated with a data breach.

What does Cyber Liability insurance cover?

A Cyber Liability insurance policy helps small businesses manage financial losses and unexpected bills created by a cyberattack or data breach. This may include covering things like:

• Forensic investigation costs to find the issue
• Data recovery costs
• Extortion amounts that ransomware may demand
• Crisis management costs to help rescue your business reputation after a data breach
• Notification costs (as you must now report certain data breaches under the Mandatory Data Breach Notification Laws) and other legal costs

A Cyber Liability insurance claims example

A real claim scenario^† involved a mortgage broker who had a malicious code installed on their website. This code caused the broker’s domain to be blacklisted as their site contained malware. They were no longer able to receive emails from their clients and the broker sustained serious reputational damage as a result.

Fortunately, the insurance broker held a Cyber Liability policy and was able to claim $17,000 for IT forensic expenses and loss of earnings.

Where to go to report a scam

Even vigilant businesses that do everything to prevent a scam can still become a cybercrime victim. These are some of the important government bodies you can report an incident to:

Report a cybercrime or scam to ACCC Scamwatch: https://www.scamwatch.gov.au/report-a-scam

Report a cybercrime to the Australian Signals Directorate (ASD): https://www.cyber.gov.au/report-and-recover/report

Verify and report impersonation to the Australian Taxation Office (ATO) and learn about current scams involving the ATO: https://www.ato.gov.au/general/online-services/identity-security/verify-or-report-a-scam/

Cybercrime is a growing threat to many businesses in Australia, making it important to ensure your business is taking the right steps to safeguard it from potential attacks.

Start protecting your business today.