Cybercrime… is your business adequately covered?

The rapid evolution of technology has been a double-edged sword. While it has created efficiencies in businesses, it has also enabled an entirely new breed of crime – cybercrime.

As Four Corners reported earlier this week the need for stronger cyber security measures has never been greater, with thousands of Australian computer logins being sold on the dark web for as little as $6.

In this article, Crowe Horwath’s Director of Risk Consulting Matthew Fijalkowski explains how you can minimise the risk of your business becoming a cybercrime victim.

The theft of intellectual property and other commercially sensitive information is common and can have a devastating impact on a business’ reputation, profitability and competitiveness. As well as theft, there has been a significant surge in the number of ransomware incidents with four times the number of respondents reporting in 2015 (72 per cent) as compared to 2013 (17 per cent). The Australian Cyber Security Council identified small to medium enterprises (SMEs) are particularly vulnerable, as they often lack high-end security measures.

The risk to SMEs

The Ponemon Institute’s 2015 Cost of Data Breach Study, which included Australian organisations, showed the average total cost of a data breach increased over two years to US$3.79 million (about AU$5.28 million) on rectifying a malicious online attack. This figure was 23 per cent higher than in 2013.

“Direct and indirect costs of data breaches are growing exponentially, with business interruption, lost market value and remediation expenses just some of the consequences,” said Matthew Fijalkowski.

Mr Fijalkowski says SMEs can implement a number of low-cost measures to protect their businesses against cybersecurity threats:

  • User education
  • Web and email content filtering
  • Patching policies (operating systems, applications)
  • Restricting administrative privileges
  • Anti–virus and firewall protection
  • Third party Audits of IT operation and environments.
  • A survey of UK, USA and Australian businesses recently revealed that just 37 per cent of SME owners feel their organisation is ready to manage a cybersecurity incident. Nearly one-third of IT decision-makers said they were forced to juggle technology security along with other job functions, leaving them stretched thin.

    Cybercrime risk management

    Australian organisations face various challenges with their cybersecurity, but SME owners can mitigate the negative outcomes of breaches using the right risk management approach.

    “We find a common theme in cybercrime studies is the need for more user education. The very best security can come undone if a user does something they shouldn’t do.

    “Given it is estimated a successful cyberattack could cost a business over $433,000, spending time adequately educating staff is time well spent,” Mr Fijalkowski said.

    However, even the most diligent business cannot protect against every eventuality, which is why discussing risk management with a professional adviser is recommended. They can provide a tailored risk and insurance solution that caters to an organisation’s specific cybersecurity needs.

    “Typically, traditional insurance policies don’t include extensive cybersecurity clauses.” Mr Fijalkowski said. “With businesses evolving to become more reliant on technology, ensuring they are adequately covered is extremely important.”

    “Public liability, professional indemnity, fidelity/crime and industrial special risks insurance are usually not designed to handle such issues so you need to be very careful when reading the fine print to ensure you’re adequately covered.”

    Mr Fijalkowski recommended businesses that do any of the following should particularly consider reviewing their insurance for cybersecurity cover:

  • Store proprietary information online
  • Generate revenues over the internet
  • Maintain personal employee and customer information via IT systems
  • Share confidential data with third-party providers.
  • Does your business fall into one of these categories? Check your insurance with a Crowe Horwath adviser to find out whether it suitably covers your requirements. Otherwise, a malicious cyberattack could end up costing the company hundreds of thousands – or even millions of dollars – as well as suffer a loss of reputation.