Picture this. You operate in the medical technology industry and are an innovator in infection prevention. On the day before a long weekend, you inadvertently click on a link in a phishing email that was designed to appear as if it had been sent by another employee. This gave the perpetrator access to your email account. Within minutes, the perpetrator has sent thousands of further similar phishing emails to internal and external contacts of yours.
The email subject specified a business-related proposal, encouraging more and more people to click on it and compromise their own email accounts and data. Enough to make you feel sick, isn’t it!
Luckily, through their cyber insurance policy, this medtech business was covered for the fees involved in hiring an IT forensic firm, which determined the cause and extent of the breach and the extent that the mailboxes were compromised. The findings were then presented to the business stakeholders, who were assured that all risks had been mitigated and that they could resume operating as normal the next business day.
This is just one of many recent cyber insurance claims we have processed, resulting in a positive outcome for a very concerned business owner.
While many people feel like it will never happen to them, the stats tell us otherwise. According to Accenture, “43% of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves.”
So, the question is, what role does cyber insurance play in helping SME businesses to defend against the risk of cyber attack?
What is the Role of Cyber Insurance?
Every business that has a website or electronic records is vulnerable to cybercrime or an accidental data breach – and the consequences of such incidents can be very hefty, resulting in irreparable damage to a business or an individual’s reputation. This includes threatening intellectual property or putting customers' personal information at risk.
The consequences are also extremely costly, with many businesses liable for the costs of reporting the breach, legal claims and remediating losses suffered by customers or clients, with figures of this reported to be in the millions.
In the past, cyber attacks predominantly impacted big business and government agencies, but this is no longer the case. And the pandemic has further heightened the extent of cyber risk to small businesses in Australia.
SME businesses are at a higher risk of cyber crimes due to lacking a dedicated IT officer and many believe it’s not necessary to have cyber insurance for a small company, as they assume the risk of a cyber attack is lower than a company with thousands of employees. Hackers see SMEs as easy, frequent hits.
The onset of COVID-19 has seen most SMEs adapt to a work-from-home environment for their employees, and businesses are rapidly implementing new policies giving employees flexibility to work from home a couple of days a week, regardless of COVID-19 restrictions.
Working from home can certainly be a plus for employees wishing to avoid the commute; however, it causes a much greater risk for businesses, as employees often work from unsecured home network connections, which presents new opportunities for cyber criminals. This is where cyber insurance can help.
What is Covered by Cyber Insurance?
Cyber insurance covers your business against a wide range of internet-based risks and liability in the event of a cyber breach or attack, such as computer hacking, ransomware or data theft.
Cyber insurance can help cover financial loss to your business, customers and other parties following a cyber attack or breach. This may include costs associated with defence of legal claims, loss of revenue, hiring negotiators and paying ransom, recovering or replacement of records or data and prevention of further attack.
Cyber attacks can also come in the form of phone calls, such as remote access scams where scammers contact people over the phone to try and access their computer and steal money or be privy to confidential and secured files. Many of these scammers pretend they are from companies such as Telstra, Microsoft or NBN, asking for remote access into individuals computers, hacking them within a matter of minutes, gaining access to files, personal emails, bank accounts and much more.
There has been a report of a huge increase in these cyber attacks in recent months in lockdown-stricken areas, suggesting cybercriminals are preying on people who are housebound and easy to contact.
In 2020, the Australian market saw an increase in cyber insurance premiums by 15-20%. The cyber insurance market continues to be a means of transferring risk – increased awareness of this has led to a 20% growth in cyber insurance policies. Manufacturing, transportation and government entities are amongst some of the new buyers; other sectors, including healthcare, energy and retail, have also shown a general uptick.
As well as cyber insurance for SMEs, individuals that use their home IT and internet-connected smart devices for personal reasons can purchase personal cyber insurance. Cover extends to family members residing with you at the Home Address.
In order to qualify for personal cyber protection, the Policyholder must be a natural person who resides at the Home Address shown in the Schedule. This is a great option for individuals wanting to protect their personal details, particularly those who would not fall under their employer’s cyber insurance policy should a cyber attack occur via their home network, gaining access to their bank accounts and other personal information.
How does a Business Purchase Cyber Insurance?
If you’re an SME business owner, it’s so important to have a cyber insurance policy in place. Despite the misconceptions, it doesn’t cost you a lot. Especially when you weigh up the risks. To discuss your cyber security insurance requirements, please contact our Melbourne-based Cyber Insurance team who can assist you – whether you’re an SME business owner or an individual looking to protect yourself from cyber attack – and will ensure you are adequately protected, providing peace of mind in an ever-changing digital world.