Smaller companies should be just as cautious when it comes to cyber attacks.
Cyber insurance seems to be a trending buzzword for many businesses. Many executives believe that large corporations are the only victims of cyber attempts, but that’s not necessarily the case. Claims against smaller companies can be just as devastating.
What does it cost my entity not to have cyber insurance in place?
According to the Australian Cyber Security Centre (ACSC), there have been more than 13,500 reports of cybercrime from individuals and businesses in just three months, which equates to one case being referred every 10 minutes. The cases range from something as simple and innocent as attaching an incorrect document to an email to more complicated situations such as cyber fraud or hacking attacks. Among organisations, email compromise, in which the perpetrator pretends to be a legitimate employee or supplier to trick the victim into making online payments, is very common. Another common threat is ransomware, where the perpetrators seize the victim’s computer system and demand large sums of money as ransom.
The risks associated with cyber can be significant, including:
- Claims against your organisation for privacy breaches involving the loss of private information, due to the tightening of Australian privacy laws
- Business interruption
- Reputational harm
- Legal repercussions
- Investigation and recovery costs
According to Stay Smart Online, an Australian Government initiative, the average cost of a cybercrime attack to a business is $276,323.
If you use any form of electronic system to store company information or customer data, or to process payments online, cyber insurance is a worthwhile investment to consider.
Isn’t it covered by my existing insurance policies?
While cyber risk is pervasive, many entities fail to realise they are rarely covered under their traditional insurance policies. Cyber risk may be addressed under your existing insurance policies, but as each policy is written for a distinct purpose, management and those charged with governance should be aware of gaps in coverage.
As a first step, it is important for management to take a step back and review the risk policies they have in place.
Here are some factors that are well worth your consideration:
Assess your entity risk profile and target the red-flag areas
Before deciding the coverage, it is important to understand what risks are unique to your entity. Your entity’s industry, geographic distribution, employee skills mix, volume and type of transactions should be considered to uncover any specific areas that are highly vulnerable to cyber threats.
Find out the existing cover you already have in place
Under existing policies, you may be covered for certain cyber-related losses; however, there may be significant exclusions in the policy.
Ongoing review and testing of security policies and practices
It is very important to regularly review policies and procedures in relation to cyber and other financial controls. It is even more pertinent to test that everyday practices adhere to the established policies and procedures.
Not every business will need large coverage values, but even small “Mom-and-Pop” businesses are increasingly reliant on cloud storage and digital services, which exposes them to cyber fraud.