It might be easy to dismiss cyber crime as completely irrelevant to your business on account of its small nature — who would actually take the time to exact a cyber crime against your small business when they could be hitting the big leagues, right?
The reality is that cyber crime is believed to cost Australian businesses — of all sizes — around $4.5 billion a year, but despite that, so few businesses are insured against it. In fact, small businesses have been the slowest to protect against cyber crime, making them more vulnerable to the threat.
Pretty much every business — be it big or small — will be reliant on data to some extent. Such data can include employee profiles, private corporate information, any identifying numbers (like Medicare and driver’s licence numbers), and information of a personal nature about customers, budget details and credit card information. The consequences of such data being breached and made public can be wide-ranging.
So, let’s have a look at cyber crime and insurance a little further so that you can make a more informed decision about whether or not it’s worth looking into for your business.
What, exactly, is a cyber crime?
In basic terms, cyber crime is a blanket term for any type of activity of a criminal nature that is carried out using a computer and/or the internet.
Cyber crime includes all of the following:
- Identity theft
- Cyber stalking
- Use of malware
- Use of viruses
- Computer and network hacking
- Online scams
- Phishing scams
- Information theft
- Identity theft
When you consider that almost all businesses have an internet presence or make use of the internet in their everyday business dealings, it becomes pretty clear that cyber crime presents a risk to even the smallest businesses. And criminals don’t necessarily need to hack your systems to commit cyber crime; if they manage to get their hands on a laptop, iPad or mobile phone belonging to your business (either because it has been stolen or left unattended), they have easy access to your information and are able to more easily commit their crimes.
How will cyber crime affect my business?
The ways in which cyber crime can affect your business are actually a lot more expansive than one may have initially thought and are usually not contained to a defined period of time; rather, the effects tend to be ongoing and costly.
Beyond the general business interruption, a breach of data that results in personal information of customers or employees being made public can result in significant fines, legal fees, and costs associated with investigating the breach and notifying customers of the potential effects it may have on them.
Consider also the loss of business. Your existing customers are unlikely to continue being your customers if their personal information becomes public — and even if a cyber crime committed against your business doesn’t directly affect them, the fact any crime was able to be committed at all will leave them feeling uneasy.
A cyber crime against your business could also affect your reputation and drive away potential customers who may think twice about dealing with you given your company’s cyber security shortcomings.
Can’t software keep my business safe from a cyber attack?
Yes, there are certain things you can do to help minimise the risk of a cyber attack and these things include all of the following:
- Reputable anti-virus programs
- Secure data back-up
- Firewall technology
- Data encryption
- Laptop and mobile security
- Adequate social media policies
If all of this sounds like gibberish to you, don’t feel bad. The reality is that most businesses aren’t aware of the extent to which they need to have such things in place to protect themselves and their information, which often leaves them incredibly vulnerable to cyber criminals.
And, unfortunately, even if you do have all the right systems and software in place, your business is still at risk — particularly if your business involves the collection of customer information, including personal, credit card and bank details.
What does cyber insurance cover?
Although policies will vary between insurers, a typical cyber insurance policy is designed to help you with both preventing breaches in the first place and dealing with them if and when they occur. Cyber insurance policies usually include the following:
- The cost of restoring or recreating electronic data following a breach or leak
- Forensic services to investigate a breach
- PR coaching in the event a breach harms your business’s reputation
- Assistance guarding against data breaches, hacking and employee error
- Guidance on how to respond to a breach
- Funds to cover the adverse financial effects related to a breach
- Funds to cover any fines that might be payable following a breach
How can I determine whether or not I need cyber insurance for my business?
The best way to determine if cyber insurance — and the threat of cyber crime — is of relevance to your business is to talk to a trusted business adviser, who knows the ins and outs of your business operation, and/or an insurance broker who is unaffiliated with any particular insurance company.
If you do seek the advice of a broker, try to make sure the broker is someone who has some advanced knowledge or expertise in the area of cyber insurance. Given the relatively “new” threat of cyber crime and the relative infancy of insurance to protect against it, brokers aren’t typically as knowledgeable in this area as they usually are when it comes to more basic and established insurances. Ultimately, it’s always important that you are talking to someone who knows what they’re talking about.
As always, don’t be afraid to ask as many questions as you need to have a solid understanding of your insurance needs, the threats such insurance is designed to guard against and the details of any policy you are considering purchasing.