Cyber insurance has recently become a highly discussed topic. Cybercrime is on the rise, with criminals becoming increasingly audacious in their attacks.
For instance, the world recently watched on in horror as a large part of the US population was unable to access fuel as hackers infiltrated a utility company’s IT system and shut it down.
Even more recently, in Australia hackers brought down the back end of the Nine Network, which owns major TV and radio stations and newspapers, disrupting broadcasts.
Gerry Power is the head of sales of specialist cyber insurance provider Emergence Insurance. He says large attacks like these mean small businesses can longer ignore cyber threats.
“Every time I pick up a newspaper, somebody’s talking about ransomware or cyberattacks. Smaller businesses can’t say they don’t understand the threat.” He says at the moment the top cyber exposures are business email compromise, ransomware and human error.
In response to the heightened threat, governments have become much more active in stamping out cybercrime, Power explains. “Governments and regulators are acting to control ransomware. In Australia, the federal government is ramping up efforts and regulation to protect personal data. There’s also a push to make it mandatory for companies to disclose if they have paid money in a ransomware attack. So there is massive amounts happening behind the scenes.”
“Cyber insurance also provides cover for the cost of any litigation from affected parties ”
When it comes to developing a robust approach to cyber security in small business, start by trying to understand your security controls and security posture.
“The challenge in this space for smaller businesses is they’re so focused on trying to keep the business afloat during what has been a very difficult 12 months, they haven’t addressed their cyber risks in the way they should,” says Power.
To address this, the first thing businesses need to do is ensure they are backing up data properly. “One of the ways that we can avoid paying a ransom is if a business has meticulously backed up their data every single day. That means if there is an attack, we can wipe the system and build it back up from back-ups so we don’t have to pay a ransom,” he adds.
It’s not enough just to have backed up the data, it also needs to be recoverable. Says Power: “Sometimes we find when we go to retrieve the data, it’s faulty or compromised. So test back-ups work before an attack happens to give yourself peace of mind your data is recoverable.”
Automatic updates of the system’s anti-virus software are also a must.
It can be hard for businesses focusing on their day-to-day operations to know how to identify the right sort of cyber health.
“Many smaller businesses put blind faith in their managed IT services provider or consultant. But it’s also essential to invest an appropriate amount in your systems and controls. Your IT expert should be abler to guide you here,” says Power.
Cyber insurance also plays a key role. This cover provides protection for businesses and allows them to transfer losses arising from a cyberattack to the insurer. Power explains there are three main cyber risks SMEs can manage through insurance.
“The first one we call first party costs, such as IT forensics, remediation and public relations and marketing costs to communicate to affected people. If there is a loss of data, there may also be an obligation to report this to the Office of the Australian Information Commissioner or the Privacy Commissioner, which also has a cost attached. These costs are borne by the business if there is no insurance policy in place.”
Cyber insurance also provides cover for the cost of any litigation from affected parties and loss of profits if your business experiences a cyber breach.
But it’s important to realise insurance is just one part of the cyber puzzle. Taking a proactive approach to your business’s cyber health is crucial. Staff training and the right IT support and infrastructure can play a critical role in reducing the risk of an attack.
With threats only increasing, now’s the time to take a look at your cyber protocols to ensure if there is an attack, you’re as prepared as possible. Speaking to an insurance broker is a good place to start. They will be able to assist you in identifying cyber related risks and selecting cover that is suitable for your circumstances.
This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.
Information is current as at the date the article is written as specified within it but is subject to change. Steadfast Group Ltd and Steadfast Network Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content.