Cyber crime and your business – building your Game Plan

When it comes to cyber crime, all businesses are fair game. Large organisations aren’t the only victims of cyber crime – small-to-medium businesses are also fair game to hackers and spammers who can create a trail of destruction for business and customers. The right risk management Game Plan can ensure you’re prepared and resilient for all that comes your way, so you can focus on what matters most – building a stronger future for your business.

What you should know

Cyber criminals aren’t fussy about where their revenue comes from – they target businesses of all types and sizes. However, small-to-medium businesses are particularly vulnerable to cyber attacks, as they often have limited resources to dedicate to cyber security.

Fewer resources can leave businesses unprepared to adequately mitigate and manage cyber breaches or attacks.

Incidents of cyber crime are astonishingly frequent in Australia, and the damage and loss that occurs as a result is staggering:

$300 million total estimated annual loss to cyber crime in Australia over a year¹
1 cyber crime is reported every 10 minutes in Australia²
1,100 cyber security incidents were responded to by the Australian Cyber Security Centre (ACSC) in the 2021/22 financial year, equating to about 21 incidents per week³
43% of cyber attacks target small-to-medium-sized businesses³
81% increase in cyber attacks in 2021/22, compared to the previous financial year⁴.

The rules may change

Pressure is increasing for smaller enterprises to be held responsible for protecting customer information⁵. In February 2023, the Australian Government announced an overhaul of privacy legislation, removing previous exemptions for small-to-medium enterprises with less than $3 million in turnover⁶. The change is likely to result in these businesses being subject to the notification requirements of the Notifiable Data Breaches Scheme following a privacy breach. Small businesses will need to consider adequate resourcing in order to comply.

What could a cybersecurity incident cost your business?

The cost of cyber attack on your own business will vary depending on the nature, size and complexity of your operation, but can also be arguably significant. Expenses can include remediation and recovery costs, legal fees, loss of productivity, and even public relations support to manage reputational damage and loss of customer trust, which can be more challenging to quantify but can have a significant impact on the long-term success of the business.

Your costs could also be significantly higher if sensitive data, such as financial or personal information, is stolen or lost, leading to regulatory fines or legal action from affected parties.

Preparedness isn’t just for large organisations

It’s important to consider proactive and preventative measures to secure your IT systems, educate staff, and develop an incident response plan to minimise the likelihood of an attack and mitigate the impact if one does occur. Technologies are becoming more sophisticated with the recent expansion into the realm of artificial intelligence (AI).

It can be difficult to stay on top of everything, which is why it’s important to build insurance into your business risk management strategy.

Cybersecurity insurance isn’t just for big companies. It can help support smaller businesses too by providing financial support to recover from and remediate loss or damages.

It can include:

Immediate 24/7 access to incident response service following an actual or suspected cyber event, for support at any time
Reimbursement of ransom payments (where it’s legal for insurers to pay a ransom) as well as access to specialist ransom negotiators
Financial assistance to recover loss of profit related to business interruption
Costs to repair and restore IT systems and data
Assistance in notifying impacted third parties following a privacy breach, as well as complying with government reporting requirements.

References

_{[1] ACSC Small Business Survey Report (cyber.gov.au)

[2] ACSC Small Business Survey Report (cyber.gov.au)

[3] ACSC Annual Cyber Threat Report, July 2021 to June 2022 (cyber.gov.au)

[4] The Latest Cyber Crime Statistics (updated May 2023) | AAG IT Support (aag-it.com)

[5] Attorney-General's data report calls to end SME exemptions (smartcompany.com.au)

[6] Privacy Act Review Report | Attorney-General's Department (ag.gov.au)}

Marsh Advantage Insurance Pty Ltd (ABN 31 081 358 303, AFSL 238369) (“Marsh”) arranges the general insurance (i.e. not the Discretionary Trust Arrangement) and is not the insurer. This page contains general information and does not take into account your individual objectives, financial situation or needs. For full details of the terms, conditions and limitations of the covers, refer to the specific policy wordings and/or Product Disclosure Statements available from Marsh on request. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). Any advice or dealing in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226 827) (“JLT”). JGS and JLT are businesses of Marsh McLennan. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions.

LCPA 23/259