Cybercrime is on the rise in Australia and alarmingly, we now rank as one of the world’s most hacked countries. In 2014, around 11,000 incidents were reported to CERT Australia, the national response team for cyber security issues affecting businesses.
Further, cyber risks have now moved into the top 5 business risks globally. And in a recent PwC survey of Australian CEOs, cyber risk was rated the second highest threat to business growth.
Australian Cyber Security Centre co-ordinator, Major General Stephen Day, told the Australian Financial Review that: “the cyber threat comes from a range of sources including individuals, issue-motivated groups, organised criminal syndicates and the intelligence services of some foreign governments”.
Australia’s increasing vulnerability to cybercrime is demonstrated by recent phishing scams targeting Australia Post customers:
“Australia Post continues to warn customers of scam emails which are circulating at the moment, one in which advises customers to click on a link, print out a voucher and take into a post office to pick up collection and another which advises to download a receipt of a parcel and reconfirm your home address.”
Another common cyber-attack is the ‘crypto locker’. This involves hackers placing malware, or ransomware, onto a company’s network and encrypting all files so they cannot be opened. The hackers then demand a ransom be paid in order to un-encrypt the operating system.
According to senior industry analyst, Charles Lim, “… Australians have become the next key target of ransomware, just after the Americans. The crypto locker attacks … were effective to force victims to pay up for their files to be unlocked, and an estimated 50-60% of the global generated attacks [using] ransomware were detected in Australia.”
Tips to protect your business
While the risk of cyber-attack is on the rise, there are measures you can take to help prevent cybercrime impacting you and your business:
- Install security software on all computers and mobile phones and keep computers, your website and Point-of-Sale (POS) systems up to date with the latest security updates and patches.
- Protect your personal information.
- Require the use of strong passwords which include letters (upper and lower case), numbers and symbols. Avoid the use of personal information such as logins or surnames or words found in the dictionary.
- Be alert for any unexplained bank transactions or missing mail.
- Regularly check your credit report from a credit-reporting agency.
For more tips, read keeping your online business activity safe and secure from the Australian Government’s business.gov.au website.
Insurance to protect against cybercrime
While you can take measures to reduce the risk of your business falling victim to cybercrime, there’s always the possibility that a costly cyber-attack may occur. There are a number of specialist insurance policies available that provide protection to businesses of all sizes.
Typically, cyber-insurance covers:
- Network interruption costs
- Crisis management
- Remediation and forensic investigation
- Data restoration, and
- Third-party claims for unauthorised publication of data.
Westlawn Insurance Brokers have access to a number of specialist cyber-insurance policies to cover your business against the risks of cybercrime. The below table shows some possible cybercrime scenarios and a typical response from the insurer.
How cyber-insurance can protect your business
|Example||Claim scenario||Insurer’s response|
|Lost laptop||A laptop containing lists of customer and personal contact information is lost.||Costs of contacting the customer list and advising them of the situation together with associated costs of appointing a credit monitoring service are covered.|
|Client designs destroyed in virus attack||Customer designs compromised after work colleague opens an email that lets a virus into the network.||Insurer’s response team helps mitigate impact of virus and stops it infiltrating system any further. Removal of virus from system. Associated costs of mitigating further loss or damage and costs of restoring data are covered. Revenue impact on business as a result of the cyber event is covered.|
|Patient personal information||IT infrastructure accessed and a copy of all your patient records may have been obtained.||Insurer’s response team appoints a firm to contact your patients and communicate the situation to them. Credit monitoring service is appointed to ensure patients’ financial records can be watched and any issue managed appropriately. Costs of securing your system, contacting patients and related credit monitoring costs are covered.|
|Unauthorised sale/use of
|Customer alleges that a failure of your IT system has led to financial information being obtained leading to their credit rating being impacted. On investigation, an employee has copied these records and passed them onto criminal gang committing credit fraud.||Insurer appoints forensics investigator to assist with securing data and implementing preventative measures. Credit monitoring facility established to identify any unusual credit activity. Defence costs and payment of award, fine or penalty are covered.|
|Extortion attempt||You receive an extortion email. It’s clear that if you don’t comply with demands, your business will be impacted.||Insurer’s response team determines threat is genuine. Team neutralises threat to your business and no extortion monies are paid. Costs to protect your operations and neutralising threat are covered.|
|One of your suppliers
suffers a cyber event
|Supplier advises you that they have had a significant cyber event and cannot use computer systems to manage customer delivery cycles. You have been unable to find a temporary solution for stock supplies. You suffer business downturn.||Insurer pays impact on business costs where your supplier is subject to a cyber event as described in policy wording.|
Contact Westlawn Insurance Brokers today
To learn more about insurance to protect your business from cybercrime, contact Westlawn Insurance Brokers today.
- Call us on 1300 WESTLAWN (1300 937 852)
- Email us at firstname.lastname@example.org
25 August 2015