Cybersecurity for SMEs: Stay Ahead in the Flux of Change!
Cybersecurity has become a necessity no matter your business size.
Globally, a cyber breach to professional services businesses cost an average of AU$6.77M per company in 2023, according to IBM’s most recent data breach report. For businesses with fewer than 500 staff, the average cost was marginally lower at about $5M.
Crucially, it takes businesses from all sectors an average of 204 days to identify the breach, then another 73 days to contain it.
If you’re relying on your firm’s internal security teams and tools to identify the breaches, they’ll miss two-thirds of the attacks, IBM says. You’re more likely to find out about the breach from a benign third party or the cyber attacker.
This is a cyber hacker’s priority list: data about customers, employees, intellectual property, then anonymised customer data and other corporate data.
As well, professional services must comply with the Competition and Consumer Act 2010.
Cyber criminals are becoming increasingly sophisticated. They spread their nets wide to sell data and use it to extort businesses, organisations, governments, and individuals. Typically, hackers’ motivations are criminal, political, or personal, and centre on financial gain, says IBM. Most, though by no means all, operate from outside the companies they attack.
Rising threats of data breaches in the professional services sector include:
A cyber insurance policy helps minimise the financial risks of operating a business online. In essence, you’re transferring some risks to the insurer.
But it’s not set-and-forget for those risks. The cyber security landscape is dynamic, so policy terms and conditions must be dynamic too.
Cyber insurance, also known as cyber security insurance or cyber liability insurance, aims to protect your professional services firm from the compromise, theft, or loss of the electronic data you’ve collected. Coverage generally will:
However, here are the exclusions to a cyber insurance policy:
Determining the right policy for your business involves considering your annual revenue, industry sector, business size, type of coverage, and risk profile.
Often, you’ll be asked to submit a cyber security audit to help determine the best policy for you. So, how can your business show its best cyber health?
The Australian Securities & Investments Commission lists 11 good cyber security practices (you’ll also find more tips under ‘useful links’ below).
These comprehensive practices cover strategy, governance, risk management, threat assessment, collaboration and information sharing, asset management, protective measures and controls, detective systems & processes, plus planning your response and recovery.
The Federal Government has allocated $7.2M in funding to set up a voluntary cyber health check program for small businesses. The government is also in the process of setting up its Small Business Cyber Resilience Service – so watch this space for updates.
There’s only so much your professional services firm can do on its own to manage cyber risks. Talk to us about how cyber insurance can be part of your risk management arsenal.
Australian Signals Directorate (ASD): Small Business Cyber Security Guide
https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security/small-business-cyber-security-guide
ASD’s Essential Eight Maturity Model
https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model-faq
Small business cyber security
https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/smallbusiness
Cyber security checklist
https://business.gov.au/online/cyber-security/cyber-security-checklist
Australian Cyber Collaboration Centre
https://www.cybercollaboration.org.au/smbservices
Article Supplied by OneAffiniti