Cyber Security is Everyone’s Business

October is Cyber Security Awareness Month in Australia, themed ‘cyber security is everyone’s business’. The government led campaign is aimed at drawing attention to the growing incidence of cyber-attacks, and helping Australians strengthen their resiliency against future attacks.

The risk of cyber-attacks is one of growing concern for business leaders, with statistics underpinning that the threat is considerable. Cybercrime is reported every 6 minutes on average in Australia, with approximately 94,000 incidents reported last year, an increase of 23% compared to the year prior1.

Small and medium-sized enterprises (SMEs) are becoming increasingly vulnerable to attack, with hackers viewing SMEs as potentially easier targets than larger corporates, having fewer resources to protect systems and critical infrastructure.

Accordingly, it’s important for SMEs to consider how they can minimise risks and exposure, as hackers increase in sophistication through leveraging AI and machine learning to expand their speed, scale and reach.

In response to the increasing cyber threat within Australia, IAG recently launched ‘Cylo backed by CGU’, a cyber insurance agency providing coverage for SMEs with an annual turnover of up to $10m. Cylo encompasses a holistic three-step approach of resist, respond and recover, working in partnership with market leaders UpGuard and Crawford & Co.

While traditionally SMEs may have solely relied on anti-virus software to mitigate against cyber-attacks, Cylo - Chief Underwriting Officer, Con Bakas, says it may not be enough.

“What we're seeing, even at a basic level, is that some of the critical elements that small businesses use in terms of baseline risk management, like malware protection and backups, isn’t enough."

Hackers are becoming very courageous and clever in terms of the way they're attacking systems. They’re trying to find businesses that don't have the necessary controls.

Con Bakas

Cylo - Chief Underwriting Officer

The advantage of cyber insurance, says Mr Bakas, is it allows businesses to recover and provides a financial edge, however in Australia, only around 20% of SMEs take up cyber cover2.

This raises concerns around cyber risk understanding and preparedness amongst small business, said Mr Bakas.

“What happens when there’s an incident, are they ready with an incident response plan? If a hacker seizes their systems and demands a ransom - who and how will they manage it? That's where it's incredibly important to have a more holistic approach to cyber security, but also to have cyber insurance.”

Mr Bakas suggests at a minimum, small businesses acquaint themselves with the Essential Eight, a framework designed by the Australian Signals Directorate (ASD) to help organisations protect themselves against various cyber threats. These are:

  1. Patch applications: Keeping all software up to date to fix vulnerabilities.
  2. Patch operating systems: Regularly updating computers and software to prevent security risks.
  3. Multi-factor authentication: Using MFA to decrease the likelihood of a business being compromised.
  4. Restrict administrative privileges: Managing permissions and limiting who can make changes in systems.
  5. Application control: Managing the software the business uses and blocking unauthorised software.
  6. Restrict Microsoft Office macros: Disabling potentially harmful macros in documents.
  7. User application hardening: Securing apps by disabling risky features.
  8. Regular backups: Ensuring data can be restored by routinely backing it up.

While the average cyber claim cost is around $46,000 for SMEs and approximately $97,000 for larger businesses3, it’s the business interruption that can cause the most damage, says Mr Bakas.

“It’s almost impossible for most organisations, especially SMEs and their brokers, to know what to do when an attack happens. That’s where the value of a cyber insurance policy comes into play, in terms of being able to respond quickly. Having experts rapidly analyse an incident, triage and provide a solution as quickly as possible helps SMEs get back on their feet sooner.

“We’re proud of the ecosystem we’ve created through Cylo, providing a solution for small businesses to better identify and manage their cyber risks. While always hopeful it will never be needed, it’s comforting for business owners to know they have the protection in place if needed.”

To learn more about the Essential Eight and other ASD resources available for businesses, please visit: Resources for business and government | Cyber.gov.au

To find out more about Cylo backed by CGU, please see: Cylo | Cyber Insurance for Small Businesses

This insurance product is distributed by Cylo Australia Pty Limited ABN 29 666 378 909 Authorised Rep No. 001303389 (Cylo), an authorised representative of IAG Agencies Pty Limited, ABN 11 147 749 139 AFSL 471282. Cylo acts as agent of the issuer Insurance Australia Limited trading as CGU Insurance ABN 11 000 016 722 AFSL 227681, pursuant to a binder agreement.

 

1 ASD Cyber Threat Report 2022-2023

2 Insurance Council Australia Issues in Focus

3 ASD Cyber Threat Report 2022-2023