In 2023 the Australian Cyber Security Centre (ACSC) received reports of a cyber attack every seven minutes. Small businesses are not immune. In fact cyber criminals deliberately target small businesses because they know technology and security may be weaker. Fortunately every small business has the opportunity to put preventative measures in place, and there is plenty of support available from government cyber security online resources as well as the expertise of Gallagher cyber risk management specialists.
Cyber risks can damage businesses financially, operationally and from a reputation perspective. Imagine if you couldn't log on or access your scheduling for the day or month, or someone took over your identity and started stacking up bills in your name, or broke into your e-mail, impersonated you and started sending invoices out to your customers with a fake account embedded into those invoices. These scenarios are day-to-day realities, so it's critical that you understand your risk and address it in the most effective way you can.
Ransomware continues to be a major threat to all Australian businesses, and small businesses specifically are constantly under attack. (Note: if you back up your business data regularly you are less likely to need to pay a ransom for its return.)
The costs associated with data breaches, business downtime, legal fees and reputational damage are high. In the 2021‒2022 financial year the average cost per cybercrime reported to the ACSC rose to over $39,000 for small businesses. For 2022‒23 this figure rose by more than 10% to $46,000. This is enough to send some companies to the wall, but help is available, firstly through simple security measures, and secondly through cyber insurance.
The first step would be to secure your systems and accounts by:
The Australian Government provides support through its recommended risk management framework called the Essential Eight1. The government cyber.gov.au website provides clear directives for the specific controls that need to be implemented in order to achieve a reasonable level of cyber security for your business. There is a small business guide2 which breaks these controls down into easy to understand sections.
We have seen an uptick in the incidence of expensive claims resulting from cyber attacks on IT service providers of small businesses. Often these managed service providers have weaknesses in their own security which then impact their clients.
Managed service providers are a major target for cyber criminals due to their ability to hit multiple victims in one attack. For this reason you should be asking the following questions of yourself and your IT service providers:
Cyber insurance is now accessible and affordable to businesses of all sizes. Your Gallagher cyber insurance broker can run scans of your IT environment and help you understand where your risks are.
Without insurance your business will bear all the costs involved with a data breach, which can escalate very quickly. Insurance provides protection from when you first suspect you have a problem until you're back to business as usual and gives you access to experts who guide you through all the steps involved.
1Australian Centre for Cyber Security's Essential Eight, Australian Government, Australian Signals Directorate, 27 Nov 2023.
2Small Business Cyber Security Guide, Australian Government, Australian Signals Directorate, June 2023.
Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers' control.
Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.
Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312
