The threat of a cyber breach for small to medium-sized businesses (SMEs) is a very real concern, one that has been recently highlighted by the General Data Protection Regulation (GDPR) in Europe and the Notifiable Data Breaches Scheme (NDB) in Australia.
Current estimates indicate that cyber crime costs the Australian economy more than $1 billion every year with nearly half of these attacks focused on SMEs, simply because of their vulnerability. Of those that are attacked, approximately 60% will close their doors within six months as a direct result of the data breach.
The risk of a cyber attack is exacerbated by the breadth of the damage that can be caused to SMEs, both by the loss of data to the company and the potential harm to their reputation. When even governments and big businesses struggle to keep up with the pace of cyber attacks around the world, it is no wonder that SMEs are concerned that they won’t be able to comply with this new legislation.
The main problem for SMEs is twofold: first, many SMEs don’t fully understand the implications of this legislation and second, they don’t have the IT systems in place to deal with cyber crime or to comply with the legislation.
With many SMEs relying solely on antivirus software to protect their data systems, it’s not ‘if’ an attack happens, it’s ‘when’ an attack happens. SMEs need to be prepared for the hefty fines and potential damage to their reputation, which are very real consequences of non-compliance with this new legislation.
How can SMEs prepare for a cyber attack?
Many business owners don’t actually understand how their business can be attacked online. The simplest example is where your business pays a fake invoice that was generated by someone who hacked into your systems. Your clients can also be sent fake invoices from your business; when a client pays one, the money goes directly to the hacker’s bank account, creating a significant financial loss to both your business and your client.
Your best solution is to engage an IT firm that is expert in minimising the risk of cyber attacks for Australian SMEs. With the correct systems in place to protect your business from cyber crime, such as a data recovery system, a data security policy and a data breach response plan that outlines the steps to be taken if you are hacked, you will have taken the first steps in securing your business from cyber crime.
The final step is to take out a cyber risk insurance policy that is customised for your business and is designed to reduce your exposure to the costs involved if your data systems are breached. This is a specific type of business insurance that can cover the costs of IT security and forensic investigations, system damages and rectification, business interruption, reputational harm and the costs of cyber extortion.
SMEs need expert guidance on securing their data and responding to a cyber attack, as well as cyber risk cover to be sure that they have fully protected their business and their customers from the very real damage caused by cyber crime.