Cybercrime shows no signs of slowing down in Australia. ReportCyber, the Federal Government’s online cybercrime reporting service, received close to 94,000 reports in FY2023, according to the Australian Signals Directorate (ASD) Cyber Threat Report 2022-2023. While attacks on big business may hog the headlines, small enterprises are squarely in the sights of hackers and cyber criminals too.
These individuals are intent on disrupting and defrauding, and their methods are becoming increasingly sophisticated, according to Steadfast’s Chief Information Security Officer Alexander Moskvin.
“Artificial intelligence can enable even ‘junior hackers’ to create sophisticated social engineering campaigns, featuring fake voice and video,” he says. “Even the smartest and most sceptical of targets can potentially be taken in.”
“And it’s easier than ever for perpetrators to home in on potential victims, courtesy of the fact that millions of Australians have had their personal information – email addresses, mobile numbers and personal identity data – leaked to the dark web during the last year.”
Meanwhile, businesses are at increasing risk of supply chain attacks. This kind of attack affords the perpetrators access to the systems and data of the victim’s partners and customers.
More hackers are starting to focus on this section of the ‘market’ – to the point that supply chain attacks may soon be offered as a service on the dark web, Moskvin says.
“Artificial intelligence can enable even ‘junior hackers’ to create sophisticated social engineering campaigns”
Strengthening defences
A major attack can be disruptive and expensive and while cyber insurance may help defray the costs, prevention is always better than cure. There are several ways businesses can strengthen their defences, to help reduce the likelihood of their falling victim.
First among these for SME is adopting the Essential Eight – a series of straightforward mitigation strategies developed by the ASD several years ago. They include patching applications promptly, implementing multi-factor authentication and running regular back-ups.
“They’re not fool proof but a small business that implements them across the board can become a much harder target,” Moskvin says. “Hackers will be more inclined to look for another victim whose systems offer an easier ‘in’.” While it might not always be a full-time role, appointing a cyber owner is the best way to ensure suitable cyber-security measures are implemented and reviewed regularly.
“Unless someone is accountable for taking the actions, it’s easy for it to be everyone’s business but nobody’s task,” Moskvin says. Keeping an eye on the security posture of your information and communication technology suppliers and partners is also a smart move, Moskvin says.
“Unfortunately, there are plenty of insecure systems on the market, so it pays to do your homework.”
Common Cyber Insurance Myths
“Cyber-attacks only happen to large corporations.”
Not true! Each year, thousands of smaller businesses experience cyber incidents. In fact, nearly 43% of cyber-attacks in Australia target small to medium-sized businesses (Australian Cyber Security Centre Small Business Survey, 2020).
“We don’t need cyber insurance because we already invest in IT security.”
Even with robust IT security, human error accounts for 95% of cyber-attacks (Australian Cyber Security Centre Cyber Threat Report 2022-23). A single click on a phishing email can still open the door to cyber criminals.
“Cyber is covered under our existing insurance.”
Standard insurance policies often don’t provide full coverage for cyber incidents. Only dedicated cyber insurance can deliver the comprehensive protection needed in a cyber-attack.
“Our Managed Service Provider (MSP) handles our cyber risks.”
If your MSP experiences a cyber-attack and your data is compromised, your business remains responsible. This can lead to reputational damage, regulatory fines, and the duty to inform affected parties.
“We don’t handle sensitive data, so we don’t need cyber insurance.”
Cyber risks aren’t limited to sensitive data. Any business that depends on computers is vulnerable, with threats like ransomware and funds transfer fraud not always involving sensitive information.
Cover to help your business recover
A major cyber-attack or data breach can be disruptive and expensive. Cyber insurance is there to help your business bounce back and rebuild, should the worst occur.
To find a policy that’s right for your risk profile, contact Continuum Insurance today.
Important notice
All information in this article is of a general nature only and does not take into account your specific objectives, financial situation or needs. Deductibles, exclusions and limits apply to insurance. Cover can differ between insurers.
This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product.
Information is current as at the date the article is written as specified within it but is subject to change. Continuum Insurance makes no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Continuum Insurance.