Skip to main content

Cyber crime and your business – building your Game Plan

When it comes to cyber crime, all businesses are fair game. Large organisations aren’t the only victims of cyber crime – small-to-medium businesses are also fair game to hackers and spammers who can create a trail of destruction for business and customers. The right risk management Game Plan can ensure you’re prepared and resilient for all that comes your way, so you can focus on what matters most – building a stronger future for your business.

What you should know

Cyber criminals aren’t fussy about where their revenue comes from – they target businesses of all types and sizes. However, small-to-medium businesses are particularly vulnerable to cyber attacks, as they often have limited resources to dedicate to cyber security.

Fewer resources can leave businesses unprepared to adequately mitigate and manage cyber breaches or attacks.

Incidents of cyber crime are astonishingly frequent in Australia, and the damage and loss that occurs as a result is staggering:

  • $300 million total estimated annual loss to cyber crime in Australia over a year1
  • 1 cyber crime is reported every 10 minutes in Australia2
  • 1,100 cyber security incidents were responded to by the Australian Cyber Security Centre (ACSC) in the 2021/22 financial year, equating to about 21 incidents per week3
  • 43% of cyber attacks target small-to-medium-sized businesses3
  • 81% increase in cyber attacks in 2021/22, compared to the previous financial year4.

The rules may change

Pressure is increasing for smaller enterprises to be held responsible for protecting customer information5. In February 2023, the Australian Government announced an overhaul of privacy legislation, removing previous exemptions for small-to-medium enterprises with less than $3 million in turnover6. The change is likely to result in these businesses being subject to the notification requirements of the Notifiable Data Breaches Scheme following a privacy breach. Small businesses will need to consider adequate resourcing in order to comply.

What could a cybersecurity incident cost your business?

The cost of cyber attack on your own business will vary depending on the nature, size and complexity of your operation, but can also be arguably significant. Expenses can include remediation and recovery costs, legal fees, loss of productivity, and even public relations support to manage reputational damage and loss of customer trust, which can be more challenging to quantify but can have a significant impact on the long-term success of the business.

Your costs could also be significantly higher if sensitive data, such as financial or personal information, is stolen or lost, leading to regulatory fines or legal action from affected parties.

Preparedness isn’t just for large organisations

It’s important to consider proactive and preventative measures to secure your IT systems, educate staff, and develop an incident response plan to minimise the likelihood of an attack and mitigate the impact if one does occur. Technologies are becoming more sophisticated with the recent expansion into the realm of artificial intelligence (AI).

It can be difficult to stay on top of everything, which is why it’s important to build insurance into your business risk management strategy.

Cybersecurity insurance isn’t just for big companies. It can help support smaller businesses too by providing financial support to recover from and remediate loss or damages.

It can include:

  • Immediate 24/7 access to incident response service following an actual or suspected cyber event, for support at any time
  • Reimbursement of ransom payments (where it’s legal for insurers to pay a ransom) as well as access to specialist ransom negotiators
  • Financial assistance to recover loss of profit related to business interruption
  • Costs to repair and restore IT systems and data
  • Assistance in notifying impacted third parties following a privacy breach, as well as complying with government reporting requirements.

[1] ACSC Small Business Survey Report (cyber.gov.au)
[2] ACSC Small Business Survey Report (cyber.gov.au)
[3] ACSC Annual Cyber Threat Report, July 2021 to June 2022 (cyber.gov.au)
[4] The Latest Cyber Crime Statistics (updated May 2023) | AAG IT Support (aag-it.com)
[5] Attorney-General's data report calls to end SME exemptions (smartcompany.com.au)
[6] Privacy Act Review Report | Attorney-General's Department (ag.gov.au)

Need help?

If you have any questions about the content covered in this article or the risks and insurance coverage requirements for your business, reach out to your Marsh risk advisor today or contact us.

Request a call back

LCPA 23/259

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983)(“Marsh”) arrange the insurance and is not the insurer. This publication contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire the product, refer to the specific policy wordings and/or Product Disclosure Statements available from Marsh on request. This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage.