Cybercrime on the rise: How to protect your business

By Chris Dougherty, General Manager, Westlawn Insurance
25 August 2015

Cybercrime is on the rise in Australia and alarmingly, we now rank as one of the world’s most hacked countries. In 2014, around 11,000 incidents were reported to CERT Australia, the national response team for cyber security issues affecting businesses.

Further, cyber risks have now moved into the top 5 business risks globally. And in a recent PwC survey of Australian CEOs, cyber risk was rated the second highest threat to business growth.

Common cyber-attacks

Australian Cyber Security Centre co-ordinator, Major General Stephen Day, told the Australian Financial Review that: “the cyber threat comes from a range of sources including individuals, issue-motivated groups, organised criminal syndicates and the intelligence services of some foreign governments”.

Australia’s increasing vulnerability to cybercrime is demonstrated by recent phishing scams targeting Australia Post customers:

“Australia Post continues to warn customers of scam emails which are circulating at the moment, one in which advises customers to click on a link, print out a voucher and take into a post office to pick up collection and another which advises to download a receipt of a parcel and reconfirm your home address.”

Learn more about scams targeting Australia Post customers. We also recently posted an article on tax time scams.

Another common cyber-attack is the ‘crypto locker’. This involves hackers placing malware, or ransomware, onto a company’s network and encrypting all files so they cannot be opened. The hackers then demand a ransom be paid in order to un-encrypt the operating system.

According to senior industry analyst, Charles Lim, “… Australians have become the next key target of ransomware, just after the Americans. The crypto locker attacks … were effective to force victims to pay up for their files to be unlocked, and an estimated 50-60% of the global generated attacks [using] ransomware were detected in Australia.”

Tips to protect your business

While the risk of cyber-attack is on the rise, there are measures you can take to help prevent cybercrime impacting you and your business:

    • Install security software on all computers and mobile phones and keep computers, your website and Point-of-Sale (POS) systems up to date with the latest security updates and patches.
    • Protect your personal information.
    • Require the use of strong passwords which include letters (upper and lower case), numbers and symbols. Avoid the use of personal information such as logins or surnames or words found in the dictionary.
    • Be alert for any unexplained bank transactions or missing mail.
    • Regularly check your credit report from a credit-reporting agency.

For more tips, read keeping your online business activity safe and secure from the Australian Government’s website.

Insurance to protect against cybercrime

While you can take measures to reduce the risk of your business falling victim to cybercrime, there’s always the possibility that a costly cyber-attack may occur. There are a number of specialist insurance policies available that provide protection to businesses of all sizes.

Typically, cyber-insurance covers:

    • Network interruption costs
    • Crisis management
    • Remediation and forensic investigation
    • Data restoration, and
    • Third-party claims for unauthorised publication of data.

Westlawn Insurance Brokers have access to a number of specialist cyber-insurance policies to cover your business against the risks of cybercrime. The below table shows some possible cybercrime scenarios and a typical response from the insurer.

How cyber-insurance can protect your business

ExampleClaim scenarioInsurer’s response
Lost laptopA laptop containing lists of customer and personal contact information is lost.Costs of contacting the customer list and advising them of the situation together with associated costs of appointing a credit monitoring service are covered.
Client designs destroyed in virus attackCustomer designs compromised after work colleague opens an email that lets a virus into the network.Insurer’s response team helps mitigate impact of virus and stops it infiltrating system any further. Removal of virus from system. Associated costs of mitigating further loss or damage and costs of restoring data are covered. Revenue impact on business as a result of the cyber event is covered.
Patient personal informationIT infrastructure accessed and a copy of all your patient records may have been obtained.Insurer’s response team appoints a firm to contact your patients and communicate the situation to them. Credit monitoring service is appointed to ensure patients’ financial records can be watched and any issue managed appropriately. Costs of securing your system, contacting patients and related credit monitoring costs are covered.
Unauthorised sale/use of
sensitive information
Customer alleges that a failure of your IT system has led to financial information being obtained leading to their credit rating being impacted. On investigation, an employee has copied these records and passed them onto criminal gang committing credit fraud.Insurer appoints forensics investigator to assist with securing data and implementing preventative measures. Credit monitoring facility established to identify any unusual credit activity. Defence costs and payment of award, fine or penalty are covered. 
Extortion attemptYou receive an extortion email. It’s clear that if you don’t comply with demands, your business will be impacted.Insurer’s response team determines threat is genuine. Team neutralises threat to your business and no extortion monies are paid. Costs to protect your operations and neutralising threat are covered. 
One of your suppliers
suffers a cyber event
Supplier advises you that they have had a significant cyber event and cannot use computer systems to manage customer delivery cycles. You have been unable to find a temporary solution for stock supplies. You suffer business downturn.Insurer pays impact on business costs where your supplier is subject to a cyber event as described in policy wording.

Contact Westlawn Insurance Brokers today

To learn more about insurance to protect your business from cybercrime, contact Westlawn Insurance Brokers today.

Copyright © 2015