Cybersecurity might seem like a concern only for large corporations, but recent events have shown that small businesses are equally vulnerable. Many SMEs view cybersecurity as too complex, costly, and time-consuming to set up and manage alongside their daily operations.
In May last year, FIIG Securities, a fixed-income broker, suffered a significant data breach due to inadequate cybersecurity measures. Hackers accessed their systems undetected for nearly three weeks, stealing about 385GB of sensitive client data. This breach affected about 18,000 clients, exposing personal information such as names, addresses, and financial details.
The Australian Securities and Investments Commission (ASIC) has since taken legal action against FIIG Securities, highlighting the importance of robust cybersecurity practices for all businesses, regardless of size.
Small Businesses Are Prime Targets
It’s a common misconception that cybercriminals only target large organisations. In reality, small businesses often lack the resources for advanced cybersecurity, making them attractive targets.
Any business with internet-connected computers is exposed to cyber risks such as malware, denial-of-service attacks, or data breaches. More than nine in 10 breaches are attributed to human error.
The Australian Cyber Security Centre (ACSC) reported that in the 2022-2023 financial year, the average cost of cybercrime for small businesses was $46,000. That marked a 14% increase from the previous year.
In addition, an ACSC survey reveals that more than six in 10 small businesses have experienced a cybersecurity incident, yet only 36% have a cybersecurity plan and actively train their staff.

Meeting Basic Cybersecurity Standards
To protect your business, implement fundamental cybersecurity measures. ASIC expects businesses to take reasonable steps based on the nature of the data they hold.
Key measures include:
- Updated firewalls and antivirus protection: Regularly update and monitor your systems to defend against threats.
- Regular patching of software: Ensure all software is up to date to address known vulnerabilities.
- Multi-factor authentication (MFA): Add an extra layer of security to your login processes.
- Documented incident response plans: Have a clear plan to respond to cybersecurity incidents.
- Access to cyber expertise: Whether in-house or outsourced, ensure you have experts to manage your cybersecurity.
Neglecting these fundamentals can leave your business exposed to significant risks.

The Role of Cyber Insurance
While the above measures provide a foundation, cyber insurance serves as an extra safety net to mitigate cybercrime risks. Cyber insurance can cover legal costs, data breach responses, client notifications, business interruptions, and more.
It can also cover crisis management costs, such as legal support, IT forensics, credit monitoring, and communications, as well as extortion response, lost income from business interruption, data restoration, and third-party liability for claims from regulators or affected clients.
Other benefits often bundled with policies include free or discounted access to cybersecurity experts, threat intelligence, IT vulnerability checks, and training—services that can reduce your risk and lessen the impact of a cyberattack.
However, it’s crucial to understand that insurers may limit or deny coverage if basic security controls are not in place.
Insurers now expect businesses to have essential cyber protections like multi-factor authentication, secure backups, staff training, and a response plan. If your setup doesn’t align with your policy—or hasn’t kept pace with changes like new systems or additional data—your claim could be denied, even if the policy is active.
Regular policy reviews help ensure you remain covered as your business and cyber risks evolve. They also keep you informed of any new exclusions or requirements, like extra cover for social engineering. Staying current can protect your eligibility and enhance your response if something goes wrong.
Staying Compliant and Secure
To maintain compliance and protect your business:
- Sign up for alerts from the ACSC: Act promptly on notifications to stay ahead of threats.
- Train staff regularly: Educate your team on phishing, password security, and incident reporting. For instance, your finance staff may play a crucial role in your front-line defence against breaches.
- Conduct annual cyber audits or risk assessments: Use internal resources or third-party experts to identify vulnerabilities. Start with this official cyber security checklist.
- Document and review IT and data protection policies: Keep your policies up to date and ensure they reflect current best practices.
Partnering for Protection
As your broker, we understand the unique challenges small businesses face in the digital landscape. We are here to work with you to assess your cybersecurity needs, ensure you meet necessary standards, and find the right insurance solutions to protect your business.
Take proactive steps to strengthen your cyber defences. Partner with professionals who understand cybersecurity and insurance to protect your business from threats and financial loss.
