It’s been on the market for a while now and demand for it has grown over the last two years, but uptake of cyber insurance in Australia is still alarmingly low.
Just 14% of Australian small businesses have a cyber insurance policy in place, and Telstra’s recent Cyber Security Report found that 21.7% of Australian companies are not using – or even considering – cyber cover. Companies are disconcertingly complacent in the face of the growing cyber threat.
But the reality is that your company is almost certain to experience a cyber security incident, such as a data breach or ransomware attack. And without the proper risk management strategies and insurance policies in place, such an attack could seriously threaten your financial viability and ability to do business.
Still not convinced you need cyber insurance? Here are 5 reasons why you do.
1. Your staff rely on computers to get their jobs done
We hate to state the obvious, but here’s the thing: if your organisation uses any internet-connected devices for work purposes, you need cyber insurance.
Simply accessing the internet on devices – whether they be computers or smartphones on or off your network – puts your business at risk of a cyber attack. According to the Australian Bureau of Statistics, roughly 95% of all Australian businesses make use of the internet for business purposes – and a survey by the Australian Cyber Security Centre (ACSC) showed that 90% of Australian organisations faced some sort of cybersecurity incident in 2015. Let that sink in.
Lloyd’s estimates that the Australian economy is exposed to a potential $16 billion cyber-attack damage bill in the future. The bottom line? Nobody is immune to cyber risk, and every company that’s using technology and the internet needs cyber insurance as part of an effective risk management plan.
2. Your company handles and/or stores personal data from clients and customers
If you use, store or disclose personal information about your customers or clients, you need cyber insurance. Why? Because this information is a valuable commodity for hackers, and collecting it makes you a target for data breaches and other cyber security incidents.
Personal information refers to any information that can be used to ascertain or reveal someone’s identity such as their name, address, email address or telephone number. In accordance with the Privacy Act it’s your responsibility to ensure that this type of information is collected, used and stored in a safe and compliant manner. In addition to being aware of your privacy obligations, you need to mitigate your cyber risk exposures with a risk management programme, cyber insurance and a data breach response plan.
Data breaches are an increasingly common occurrence: Australia’s Computer Emergency Response Team (CERT) responded to 14, 804 ‘cyber security incidents’ between July 2015 and June 2016 alone. It’s worth noting that the organisation considers this number to be lower than the total number of cyber security incidents affecting private companies; the true extent of cyber incidents is unknown.
So here’s the key takeaway: handling personal information is a cyber risk exposure that you need to mitigate with risk management and cyber insurance.
3. You use cloud services
With more than 70% of Australian businesses using it in 2016, it’s safe to say that cloud technology has entered the mainstream of business ICT.
If you’re among the high percentage of cloud-friendly businesses, you need cyber insurance. Here’s why:
Research has shown that 2.7% of files shared in the cloud are publicly accessible
1% of files uploaded to the cloud contain sensitive data, and 44.4% of this data includes confidential information such as business plans and financial records
Personally identifiable information (PII) accounts for 70% of date being stored in the cloud.
According to Intel Security, more than a third of Australian businesses don’t have a policy about staff sharing information via the cloud despite widespread cloud adoption and concerns about data breaches. So take note: the cloud is a great tool for file sharing and collaboration, but without proper governance and cyber insurance, it exposes your business to a data breach.
4. Your business couldn’t financially survive a cyber attack
Quantifying the cost of a cyber-attack is difficult, but estimates range from between $200,000 and over $600,000 per incident – high enough to certainly cripple a small business.
But these estimates don’t account for the indirect, hidden costs of a cyber-attack which includes (but isn’t limited to):
Business interruption or destruction
Reputational damage and loss of customer trust
Insurance premium increases
Lost contract revenue and loss of IP
Damage to share price
When we take these kinds of indirect costs into account, the total cost of a data breach skyrockets:
Some Australian C-suite executives project the cost of a successful data breach or security incident to be in excess of $35 million;
A cyber-attack could seriously compromise your financial viability, so must have a cyber insurance policy in place. At the very least, this will cover risks such as financial loss arising from lost revenue, customer churn, privacy fines and legal expenses. Learn more here.
5. Your existing insurance policies may not cover losses from a cyber attack
Some general business liability policies include cover for cyber liability, but many don’t.
Don’t assume that you’re covered just because you have public liability, management liability or other business insurance policies in place. You need a separate cyber insurance policy that covers your risk exposures and, at the very least, includes cover for things like business interruption, loss of data, legal expenses and data recovery.
Insurance is just one piece of the puzzle
Simply taking out a cyber insurance policy won’t protect your business from a cyber-attack. To properly protect your organisation and your clients, you need a comprehensive risk management plan.
Download our data breach response plan template and talk to your broker about how you can best protect your company and mitigate your cyber risks.