Cybercrime is on the rise. Doing nothing may be the biggest risk of all
As people, business and governments all become more reliant on interconnected computer networks, more economic value is digitised and stored online, making the rewards of cybercrime ever more attractive. From financial crime to theft of personal or confidential business information, cybercriminals have plenty of enticing targets.
It’s also true that as business models go, cybercrime is a winner. The returns are high, the risks are low, and the figures astounding. In fact, the two most common techniques employed by criminals - social engineering, where a cybercriminal tricks a user into granting access, and vulnerability exploitation, where he/she takes advantage of a programming or implementation failure to gain access – are both surprisingly cheap. Yet McAfee estimates the annual cost of cybercrime to the global economy at more than $400 billion.
Cybercrime is now the number one economic crime Australian companies face.
Unfortunately, Australia is increasingly in the firing line. According to a recent report prepared by PwC Australia, 65% of Australian organisations experienced some form of cybercrime in the past 2 years, and cybercrime has now moved from being a statistically insignificant economic crime in Australia in the past six years, to the number one economic crime organisations face.
At the same time, Australian organisations are underprepared. Only 7% said they used any form of sophisticated internal monitoring aimed at detecting and/or preventing loss, yet the losses can be substantial. Ten percent of Australian companies surveyed said that some cyber events cost them in excess of $1 million.
The Australian Cyber Security Centre (ACSC), run by the Federal Government, released a report in 2016 on cyber threats. In it ACSC outlines the types of threats that cyberattacks pose to government, the private sector and critical infrastructure and released data showing which industries have the highest number of cyber security incidents.
And it’s not just corporates which are alarmed about the rise of cybercrime in Australia. The Federal Government’s “Stay Smart Online” group estimates that over 60% of all targeted cyberattacks struck small and medium businesses. And when the average cost of a cyberattack is around $276,000 –it’s something worth worrying about. Business disruption, productivity loss and revenue loss, cited by businesses as the most significant effects of cybercrime, are costs which small and medium businesses find difficult to bear.
What business can do to protect themselves from a cyber event.
Protecting your business against cyber risk is an ongoing challenge, but one which must be taken seriously. The ACSC stresses that it is crucial for Australian businesses to respond quickly to cyber events, and needless to say, prevention is better than cure.
However, the ACSC also points out that relatively few Australian organisations are sufficiently planned or prepared for a cyber event – so effective management after the event can be the best risk mitigation strategy. Decreasing the severity and cost of cyber event as much as possible is crucial – but once loss has occurred, a cyber event insurance can help cover losses to both the business under attack and third parties, giving businesses time to respond.
When considering insurance for cyber risk, it’s crucial to choose a specialised insurer. Cyber risks are changing and new risks emerging constantly. Talk to us for help in understanding the risks your client's business faces, and what tailored protection is available to address their needs.
The costs of a cyberattack can be enormous. However, with the right insurance policy you can rest assured that you won’t be financially exposed should your business fall victim to an attack.