Chances are it is not only going to be a crap day but month ++
Many SME owners believe that they don’t have to worry too much about cyber crime. After all, why would Internet villains bother with small fry when they could go after heavy hitters such as Yahoo, eBay or Uber? - Wrong
Unfortunately, cyber criminals take an equal-opportunity approach. While they can and do target large organisations, they also realise such organisations have the resources to spend big on cybersecurity. It’s often quicker and easier for them to extort $1,000 from 1,000 small businesses they’ve infected with ransomware than to try to hack into a larger business in the hopes of earning $1 million. It’s the cyber attacks that devastate multinationals or large government departments, such as Petya and WannaCry that get all the media attention. But, without generating any headlines, tech-savvy crooks target millions of SMEs each year.
While it’s hard to get reliable figures (no business wants to advertise the fact it’s been hacked), it’s estimated around half of all cyber attacks target SMEs. Even worse, the number of cyberattacks has increased exponentially in recent years. Globally, it’s estimated that 4000 ransomware attacks occur and 230,000 new malware samples are produced every day. Microsoft claims cybercrime now costs the global economy around US$500 billion (A$660 billion) annually and that 20 per cent of SMEs have been targeted by malicious actors.
Cyber crime includes all of the following:
Everybody who uses a computer– or even just a mobile phone or iPad – for work purposes can be a victim of cyber crime
The two cybercrimes SME owners most need to be worried about are ransomware attacks and data breaches. A ransomware attack involves a business’s files being encrypted and thus rendered unusable. In the digital age, this can quickly result in operations grinding to halt, which in turn soon means revenue stops flowing in. Business owners often pay a substantial but not excessive ransom (the average demand is around $1,000) to have their files unencrypted. In the case of a data breach, the cybercriminal steals data (think addresses and bank account details) about a business’s customers or, more rarely, staff. This data is then used for identity theft, fraud or extortion.
In the past, a SME that failed to safeguard the personal data it was entrusted with typically only had to worry about suffering reputational and legal consequences in the event word of the data breach got out. In February, the Federal Government introduced the Notifiable Data Breach (NDB) scheme. As the name suggests, this requires organisations, including businesses, to notify individuals affected by data breaches likely to result in serious harm. Failing to comply with the NDB scheme can attract fines of up to $2.1 million. Of course, complying with it could result in your clients making legal claims against you. At the very least, those clients will not be inclined to place their trust in your business in future.
It’s both possible and advisable to minimise the risk of a cyber attack. This is done through some combination of the following:
Unfortunately, even if you do have all the right systems and software in place, your business is still at risk. If major banks, governments and even Google can fall victim to cyberattacks, anyone can.
Fortunately, while you can never 100 per cent guarantee your cybersecurity won’t be breached, you can insure against the costs that often arise in such a situation. A cyber insurance policy can cover you for expenses related to the following:
If you’d like to know more about Cyber Insurance contact Business Insurance for Women.