In recent years, there has been a significant growth in the number, severity and complexity of cyber incidents around the world and is expected to accelerate into the future. Here's what you need to know to insure your business against these cyber risks.
What is cyber risk?
Cyber risk is the risk connected to activity online, internet trading, electronic systems and technological networks, as well as storage of personal data.
Cyber risks that may threaten a business include hacking, identity and data theft, card skimming, viruses, malicious employees, accidental damage, human error and data breaches, including the theft or compromise of personal information.
A cyber incident could result in significant losses to a business, ranging from monetary losses in re-stablishing systems, to damaging a business’s reputation and undermining customer confidence.
The rise of cyber attacks
There has been an undeniable rise in the number of cyber incidents in recent years.
The total number of cyber security incidents detected in 2014 was 42.8 million, an increase of 48 per cent from 2013. Even more concerning than that figure, is that 71 per cent of cyber attacks go undetected.
The estimated annual cost of cyber attacks to the global economy is more than $400 billion. They are estimated to cost Australia at least $1 billion a year.
Sources of cyber attacks include employees and other insiders (who are considered the more likely source of attack), lone individuals committing fraud or small-scale breaches and organised criminals who are coordinated and systematic.
Managing your cyber risk
There are a number of cost effective and simple ways you can manage your business’ cyber risks, such as utilising current anti-virus software, avoiding opening spam emails, watching for data transfers out of the business, encrypting devices, backing up data regularly, implementing data loss prevention software and strengthening controls on publishing.
You should test systems yearly to identify vulnerabilities and also consider whether vendors have access to company data and whether that data is secure after being accessed or obtained by vendors.
Cyber risk insurance
Traditional insurance policies held by businesses such as professional indemnity or business continuity policies may not adequately guard against the impact of cyber incidents and there are now insurance solutions available in the market specifically tailored to this risk.
A number of major insurers now offer cyber policies. If you have concerns over your exposure to cyber risk, you should speak with your broker or your insurer.
Eleni Manetakis is a lawyer in the Sydney office of Colin Biggers & Paisley.