The costs of a cyber security breach for a business of any size can be extremely high and difficult to absorb. According to the Australian Cyber Security Centre, the financial damage of reported incidents has increased 14% in the last year, averaging at $46,000 per incident for small businesses, $97,200 for medium businesses and $71,600 for large businesses. There’s also a huge potential for the costs to blow out far higher than these averages, particularly if a lawsuit follows the breach.
These are costs all businesses would rather do without, and there’s also reputational damage to take into account – all of which is why we’re strong advocates for having the most robust cybersecurity defences in place as possible. (An MSP like Smile IT can help you seamlessly achieve this.)
But with cybercrime reports to the ACSC up 23% in the last year (with one report every six minutes), it’s clear that many cyberattacks are happening and they’re likely to happen to you. For businesses in Australia, mitigating this risk has become a crucial aspect of operational strategy. One method of doing that is Cyber Liability Insurance. We want to shine a bit of a spotlight on that for you, providing information that’ll help you decide whether it suits your business or not. Let’s start by looking at exactly what it is.
What is Cyber Liability Insurance?
In a nutshell, cyber liability insurance is designed to protect businesses from the financial losses resulting from cyber incidents. Incidents refer to events such as data breaches, network damage, and business interruption due to a cyber-attack. It differs from traditional insurance by being specifically tailored to address the risks associated with digital operations and information security.
What Does Cyber Insurance Cover?
Every policy is going to be different, which is why you must look at a number of policies and do your due diligence about your exact business requirements. From what we’ve researched, most policies will cover the following:
– Data breach response costs: customer notifications, credit monitoring services and public relations efforts.
– Legal fees, penalties and settlements in the result of a lawsuit.
– Business interruption losses – costs associated with keeping operational during the recovery phase after an attack.
– Cyber extortion and ransomware demands.
– Forensic investigation costs.
– Data recovery expenses.
What Doesn’t Cyber Insurance Cover?
Just as important as what a cyber insurance policy covers, is what it doesn’t cover. Typical costs that wouldn’t be covered are:
– Losses due to intellectual property theft.
– Computer hardware damage.
– Bodily injury or property damage.
– Improving internal technology systems after a cyber-attack.
– Loss from a decrease in company value or of future revenue.
– Power, satellites or telecoms outages.
Please note this isn’t an exhaustive list. You need to question your potential insurer about what they don’t cover and read any fine print!
Is Cyber Insurance Worth It for SME’s?
Given the relentless barrage of cyberattacks happening every day, more and more businesses are turning to cyber insurance for their peace of mind. The industry is set to nearly triple in size over the next four or five years, illustrating a growing awareness of the threats of cyber-attacks.
For Small and Medium Enterprises (SME’s), the decision to invest in it can be complex. Resources might be stretched to the point where the cost of cyber insurance isn’t viable. You have to balance that against the potentially devastating financial impact of a cyber-incident, which could wipe out your SME. The safety net of cyber insurance becomes very tempting when you think of it in that regard.
Prevention is always better than cure when it comes to cybersecurity, so talk to your managed IT services provider and see if your defences are up to standard. A cyber defence and data recovery strategy is just as important, if not more so, than cyber security insurance.
Handy Hint – Do your Due Diligence Before Signing Up to a Policy
Before committing to a Cyber Liability Insurance policy, you must conduct thorough due diligence. Examine the policy’s inclusions and exclusions closely. Understand the claim requirements and deep dive into what’s offered and what the cost is. Beware of policies constructed in a way that makes them less valuable than they seem.
You might even find you’re better off without a policy than with one that offers insufficient coverage when you experience a breach. Again, it’s all about finding that balance between cost and protection.
Where Can I Report a Cyber Scam?
Above we mentioned the statistics of reported cybercrimes. There are many that don’t get reported, and we urge you to report it immediately if your business becomes a cyber scam target. The best place to do this is through the Australian Cyber Security Centre (ACSC) website, which you can find here. Your reports will help authorities understand the scope of cyber threats and help develop strategies to defend against them.
Speak to the Cybersecurity Experts
The best way to summarise cyber insurance is that it can be a useful tool in mitigating the financial effects of cybercrime, but it needs careful consideration before you sign up to a policy.
If you’re an Australian business struggling to navigate the complexities of cyber threats and risks, Smile IT is here to provide clarity for you. We can ensure you’re protected from the latest threats on the digital landscape, as well as prepare you with robust data recovery and backup plans. Talk to one of our team, we’re here to help!
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!