Cyber-attacks pose the second largest risk to the economic prosperity of Australia’s major cities, according to a joint report by Lloyd’s and the University of Cambridge. Sydney is proportionately more exposed than New York, Los Angeles, Paris and London, with 17.51% of its total GDP vulnerable to cyber-attacks. To put it in perspective, the risk extends across the country, with Brisbane and Canberra facing greater risks from cyber-attacks than from floods and storms combined.
The cost of data breaches to Australian business is already estimated to be in excess of AU$1 billion. Direct financial consequences of a data breach may include the cost of hiring IT forensic advisers or credit monitoring services for affected individuals. Indirect financial consequences may include loss of reputation, or reduced sales due to customers not trusting a company with their personal information.
Managing the risk and developing a strategy
Doing business in the modern world means that you cannot guarantee that your business will not fall victim to a cyber-attack. A recent PwC report found that within the last 24 months, 65 per cent of Australian organisations had experienced cybercrime, with more than 10 per cent of those attacks causing losses of more than $1 million. Yet only 42 per cent of Australian organisations have incident response plans in place.
By preparing for an attack you can minimise the losses suffered if one occurs
Identify risks: The first step in any cyber security plan is to identify areas of risk. Standard sources of cyber risk for most businesses include wireless network security, password protocols, ‘bring your own device’ policies, USBs and antivirus discipline. It is often a good idea to engage expert security consultants to help you identify key areas of concern. Their knowledge of emerging risks will help you develop a comprehensive and effective risk profile for your company.
Secure your business: As soon as you’ve developed a clear picture of your business’ cyber risks, you should start implementing a range of security measures and safeguards. Simple steps include ensuring anti-virus software is up-to-date, creating and enforcing a secure password policy, ensuring your operating systems are current and educating staff about risks. Large businesses may need to look into advanced defences or security outsourcing. External consultants can provide objective critique of your system and can periodically stress test your network against common threats.
Monitor and insure: It’s vital that you stick to your security plan and continually monitor network traffic, update software and virus definitions, and keep control of the devices on your network. However, short of taking your whole business offline, it’s impossible to physically prepare for every possibility. Cyber criminals and security companies are locked in a constant game of cat and mouse.
One of the best ways in which you can ensure protection for your business against the unavoidable risks is to take out a cyber insurance policy. These policies generally provide cover for the loss of net profit as a result of an attack or hack, investigations, financial consequences of lost or corrupted data and fines. They also provide you with access to an incident response team comprised of security, public relations and legal experts who can provide your business with rapid support in the case of a breach.
While the evidence suggests that your business is more likely than ever to be subject to some form of cyber-attack, the mitigation strategies available are becoming equally sophisticated. An educated workforce, a well-implemented defence strategy and a comprehensive insurance policy can help avoid significant losses as a result of a cyber-attack.