Cyber risk is one of the leading dangers for Australian small to mid-sized businesses, with companies employing between 1 and 250 people the most at risk. The average cost of a cyber incident in Australia is more than $250,000, so you must protect your business from these emerging risks.
Cyber incidents can result in thousands of dollars in remediation costs. Some of these include:
- Costs incurred having to notify your customers
- Hefty Australian Notifiable Data Breach (NDB) fines
- Extortion costs from ransomware
- Settling lawsuits from customers or employees for the loss of personal information
Unfortunately, small businesses are one of cybercriminals' favourite targets.
A cyber incident can range from something as simple and innocent as attaching the wrong file to an email to more complicated situations, such as a data breach by a hacker and the loss of personally identifiable information.
What is Cyber Insurance?
Cyber insurance protects your business from the costs associated with these incidents.
Cyber insurance policies can cover some or all of the following:
- Claims against you for privacy breach and loss of employee, personal or corporate information
- Loss or damage to your IT systems, records, and data
- Business interruption arising from a cyber event
- Liability arising from a hacker attack or virus
- Brand and personal reputation protection
- Copyright and trademark infringement
- Costs of negotiating and mediating due to an extortion attempt
- Breach of statutory duties
- Fines and penalties incurred due to a privacy breach, as well as cover for your defence and investigation costs
Examples of a Cyber Breach
Example A: A business emailed a group of customers to promote an upcoming sale. The staff member intended to attach a flyer to promote the sale. Instead, they accidentally attached a spreadsheet containing a customer list, including customer names, addresses and credit card information.
Example B: A business discovered that one of its servers had been infiltrated by an unidentified third party to access files. The information that was accessed contained customer names, addresses and financial details like bank account details and credit card information.
Is Cyber Security Insurance necessary?
In general, if you process payments online, use cloud-based systems to store company information or store customer information on any device, you should probably invest in cyber insurance.
General liability insurance likely will not cover the expenses that could result after a data breach.
What are the implications for my IT?
Though cyber insurance can provide coverage for a wide variety of security incidents, insurance providers have often denied claims when a company failed to put sufficient protective measures in place.
Businesses have been denied claims for failing to re-assess their information security exposure and enhance risk controls, and for failing to deploy a system to detect unauthorised access or attempts to access sensitive information stored on their servers. These failures were taken as signs that the business wasn't taking adequate steps to minimise its risk.
In other words, if you are not willing to continually monitor your cybersecurity and make upgrades when necessary, you may not qualify for claims if an incident takes place, no matter how high a premium you pay.
Additionally, businesses should implement cybersecurity best practices, such as encrypting their information, training staff members to identify phishing attempts, installing anti-virus software, and regularly monitoring the performance of their infrastructure. These practices demonstrate a business's commitment to security, and they are also the indicators an insurance company will look for to determine whether you qualify for coverage.
When determining what type of insurance policy to buy, it is best to do some self-assessment before approaching an insurance provider. After all, you know your business better than they will.
Look at your industry, products and services and your annual turnover. Next, consider the type of information you retain on your internal systems. Then calculate the value of the data if you had a data breach. This information will be required to determine the right level of cover for your business.
Finally, engage a Managed Services Provider like GCITS. We deploy IT security to industry best practice and continually monitor and maintain your infrastructure. If you advise your insurance provider that you have engaged a Managed IT Services Company, they have access to more favourable policy pricing.