Did you know cybercrime is expected to cost $10.5 trillion a year by 2025? In Australia alone, 62% of small businesses have already experienced some form of cyber security incident. These startling facts underscore the urgent need for businesses to fortify their defences against the escalating threat of cyber attacks.
But how can you protect yourself? Is cyber insurance the silver bullet solution we’ve been waiting for? Should it be a non-negotiable part of every business owner’s IT toolkit, safeguarding your business and assets and protecting your staff, data, customers, suppliers, partners, and stakeholders? Or is it an overhyped promise that fails to deliver in the face of real-world cyber threats?
In this article, we delve into the heart of these questions. We’ll explore the rapidly expanding industry of cyber insurance in Australia, assessing its worth in the context of business protection. As always, we’ll break down the jargon and present you with a clear, easy-to-understand guide. By the end, you’ll be equipped with all the information you need to make more informed decisions about whether cyber insurance is the right choice for your business.
The Rising Threat of Cybercrime
According to the Australian Cyber Security Centre (ACSC), 62% of small businesses have experienced some sort of cyber security incident. Reports of such incidents rose by nearly 13% from the 2020-21 financial year to the following 2021–22 period. This equated to more than one report of cybercrime every seven minutes during the 2021-22 financial year. The most common crimes reported were fraud (27% of the total), followed by online shopping (14%) and online banking-related incidents (13%).
More recently, a Cyber Crime in Australia survey conducted in early 2023 revealed that 47% of the 13,887 computer users surveyed had experienced at least one cybercrime in the 12 months prior. This survey was particularly alarming because nearly half of the victims said they’d experienced more than one type of cybercrime.
When stacked together, these statistics make it abundantly clear that cyber threats are not going away. Indeed, they’re escalating. Shockingly, despite these startling facts, and despite the increasing number of public cyber attacks we’re witnessing in the news, many Australian business owners operate under the dangerous assumption that their operations are too low-key to attract the attention of cybercriminals. This false sense of security can leave you vulnerable to attack and ill-prepared to deal with the fallout.
A 2022 study found that 51% of the small businesses surveyed didn’t have any cyber security measures in place, with over half of these citing their size as the reason they believe they’re unlikely to be targeted. This mindset can be perilous. Indeed, cybercriminals often target small businesses precisely because they assume these entities have weaker defences.
Ransomware, a type of malicious software that blocks access to a computer system until a sum of money is paid, is a particularly devastating form of cybercrime. It has been found that 82% of ransomware attacks target small to midsize businesses. Once hit with a cyber-attack, 20% of businesses completely cease operation until it is resolved. The inability to operate can force businesses to give in to the criminals’ demands or risk significant financial losses from inactivity.
As you can probably imagine, the consequences of a ransomware attack are profound. Beyond the sting of the ransom payment, business owners are hit with additional costs associated with downtime, data recovery, cybersecurity remediation, and potential legal ramifications. The financial and operational impact can be severe, sometimes pushing small businesses to the brink of closure.
The sobering truth is that no business is too small to be targeted by cybercriminals. The assumption that your business can fly under the radar will leave you exposed and unprepared. So there’s no question that you must recognise the rising threat of cybercrime and take proactive steps to protect yourself. Robust cybersecurity measures are pivotal in this project, but will cyber insurance really do anything to help?
The Role of Cyber Insurance
Cyber insurance can serve as a safety net for businesses, providing coverage for the financial losses associated with cyber threats. This includes costs related to data breaches, network damage, and business interruption. In Australia, only 20% of small to medium enterprises (SMEs) have cyber insurance, compared with 35–70% of larger organisations.
Let’s take a look at the good, bad, and ugly of cyber insurance to see whether this disparity is a problem for SMEs or not.
Pros of Cyber Insurance
Cyber insurance offers several benefits. It can improve a company’s standard of security, give you financial incentives to enhance other areas of your IT security, and increase awareness among your executives. It also protects against losses resulting from a range of cyber incidents, including social engineering scams and ransomware attacks. The best policies back up this financial support with access to expert resources that can help you manage a cyber incident effectively. For these reasons, the Finance Brokers Association of Australia (FBAA) has advised its members to prioritise robust data security measures and to consider obtaining specialist cybersecurity insurance.
Moreover, cyber insurance can cover both first-party and third-party losses. First-party insurance covers the financial losses you incur yourself as the result of a cyber event that impacts your own network. It typically includes expert support to resolve the cyber incident, rescue your data, and restore your systems to the position they were in before the incident. It generally also includes reimbursement for loss of electronic funds and ransom payments.
Third-party insurance covers your business for liability actions brought against you due to a network security or privacy event. This could include litigation brought by customers due to a failure by the business to prevent the theft of their personal data.
Cons of Cyber Insurance
Despite its benefits, cyber insurance also presents some challenges. Those statistics we mentioned earlier that show how alarmingly quickly Australian cyber breaches are increasing? Those figures have insurers worried too. As a result, providers tend to be cautious about insuring high-risk businesses, especially if they have inadequate controls or standards.
High-risk businesses generally include those that handle sensitive client data or are responsible for protecting a client’s systems. Examples of such businesses include technology companies, financial institutions, healthcare providers, and retailers. Other business types considered high-risk include utility providers, banks, healthcare providers, and telecommunication companies. If your business is in one of these industries, you may face some challenges in finding a suitable policy at a reasonable price.
Many policies also have substantial exclusion clauses designed to limit the circumstances in which the insurer will pay out. For this reason, it’s crucial to thoroughly read and understand your policy before you sign anything. This is the only way to ensure you’re not caught off guard by any exclusions.
For instance, cybersecurity events are often excluded from general liability policies and require their own standalone policy. So, if you’ve assumed ransomware attacks and other cyber threats are already covered by your existing insurance, it may be time to dive into the small print or contact your insurer to check.
The final challenge it’s important to be aware of is that cyber insurance is a new concept that orbits around a rapidly evolving crime type. For this reason, policies and industry standards can change from one month to the next. This makes it important to regularly review your policy and stay informed about any changes.
Reliability of the Cyber Insurance Industry in Australia
The cyber insurance industry in Australia has been a bit hard to predict. However, experts are suggesting that it’s starting to stabilise in terms of pricing and policy inclusions and exclusions. This means it’s becoming a more reliable option for businesses. The cost of insurance (known as the ‘rate’) has been going down, which is good news for SMEs. However, insurance companies are still very thorough (this is what ‘underwriting’ refers to) in checking a business’s cybersecurity measures before they agree to provide insurance.
The market is becoming more competitive, which is usually a good thing for consumers. It means more options and better prices. However, there’s been a big increase (nearly 50%) in the number of cyber insurance claims compared to the previous year. This shows that cyber threats are on the rise.
As more businesses make claims, it’s feasible to expect that the cost of taking out a policy may increase too. Also, insurance companies might exclude more things from their coverage. So, it’s more important than ever for businesses to have strong cybersecurity measures in place to prevent these incidents from happening in the first place.
Staying safe from cyber threats
In the face of growing cyber threats, cyber insurance has emerged as a potentially critical component of business protection in Australia. It provides a much-needed safety net for businesses of all sizes, helping to mitigate the financial impact of these threats. Yet, it’s important to remember that cyber insurance complements, but does not replace, robust cybersecurity measures.
Your best bet is to view cyber insurance as one piece of a broader risk management strategy. As cyber threats continue to evolve, the role of cyber insurance in safeguarding Australian businesses will undoubtedly adapt in response.
At Invotec, we understand the importance of strong cyber security. Our team of skilled IT professionals is ready and waiting to assist you in fortifying your defences and ensuring your business is well-prepared for even the most sophisticated cyber threats. Whether you have questions or are ready to enhance your cybersecurity, we’re here to help. Reach out to us today to take the first step towards securing your business in the digital world. Your safety is our priority.
