There are many reasons to manage cyber security risk. So, if you’re wondering whether to make enhancing cyber security a priority for your business, here are four things to consider.

 

4 reasons to manage cyber security risk:

1. Regulatory Enforcement:

Last week the Australian Prudential and Regulation Authority (APRA) increased Medibank Private’s capital adequacy requirement by $250 million following their cyberattack in October 2022.

Why? To encourage Medibank to implement its IT security improvements faster.

In case you missed it, Medibank Private’s cyberattack was one of Australia’s most significant data breaches ever. Here’s a quick overview of the cyber event:

  • 11 October 2022, a criminal accessed Medibank’s IT systems using a stolen Medibank username and password of a third-party IT provider.
  • A misconfigured firewall provided access to more usernames, passwords and Medibank systems without containment.
  • Medibank successfully closed the criminal’s access by 12 October 2022.
  • Medibank implemented cyber security improvements.
  • Class action lawsuits commence against Medibank.
  • Deloitte investigates the cyberattack.
  • Deloitte recommends enhancements to IT processes and systems.
  • Medibank continues to implement improvements.
  • July 2023 Regulators increase Medibank’s capital adequacy requirements until all remedial work is complete.

Regulators such as the Australian Securities and Investments Commission (ASIC) can also strongly recommend that you have an IT strategy and response plan in place if it’s in the best interests of consumers.

Criminals target businesses of all sizes, so it’s no surprise that small, medium and large companies across Australia fall victim to cybercrime.

 

Dark hand hacking laptop with binary code. Malware and phishing concept. Double exposure

2. Cybercrime Statistics & Costs

In fact, according to the Australian Cyber Security Centre (ACSC), there were over 76,000 cybercrime reports in the 2021-2022 financial year. That’s one report every 7 minutes!

With the average cost per cybercrime in the region of:

  • $39,555 for small businesses
  • $88,407 for medium businesses, and
  • $62,233 for large businesses.

Developing an action plan to safeguard your business from cybercrime makes sense.

The ACSC website has resources to help businesses mitigate cybersecurity incidents, including the Essential Eight. The Essential Eight are the most effective mitigation strategies for Microsoft Windows-based internet-connected networks, according to the ACSC.

 

Business finance man calculating budget numbers, Invoices and financial adviser working.

3. Reputational Risk

A cyberattack can reach beyond the walls of a company, affecting customers, suppliers and more. More importantly, it may erode the trust in your business and its processes which may take time to regain.

collage-customer-experience

4. Legal Risk

A cyberattack puts companies at risk of legal action. For example, a customer or supplier may suffer a financial loss due to a data security breach and take legal action against your company.

Closeup shot of the judge's gavel on a document of the lawsuit

Mitigating cybercrime

Taking steps to mitigate the risk of cybercrime may reduce the impact on customers and suppliers sooner rather than later.

Mitigation may include annual cyber training for all staff, regular device updates, back-ups and password changes, and multi-factor identification.

For a business working with a third-party IT service provider, an in-house IT team or self-managed, it’s prudent to develop an IT strategy. The strategy may include an assessment of the risks and a clear action plan to manage security, back-ups, system updates, training, reporting and how to respond to a data breach.

Transferring cyber risk to insurance

Clear Insurance helps businesses identify, understand, and manage business risks, including cyber security risks. Our risk and insurance review assesses your risk exposure and recommends the most appropriate ways to transfer risk to insurance.

Importantly, we can direct you to effective cyber training programs to help minimise the risk of a cyber event impacting your business.

General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.

Clear Insurance Pty Ltd. ABN. 41 601 916 689. AFSL No. 548953.