Share this article on:
The rising number of cyber security incidents and the spiralling cost of insurance are forcing many Australian businesses to re-evaluate the measures they have in place to protect themselves from the financial impact of an attack, Scott Hesford at BeyondTrust writes.
Meanwhile, alongside increasing premiums for cyber security policies, insurance companies are also re-evaluating the types of risks that they are prepared to cover. The result is a wide range of policies that offer very different levels of protection.
This situation is occurring as the cost of cyber attacks continues to grow. According to figures from the Australian Cyber Security Centre, self-reported losses from cyber crime totalled more than $33 billion in the 2020–21 financial year.
This comes at a time when the number of organisations taking out cyber insurance is on the rise. According to the Insurance Council of Australia, around 20 per cent of SMEs and up to 70 per cent of larger businesses have stand-alone cyber insurance policies in place.
Forces at work
There have been two key forces that have increased the risks faced by Australian businesses when it comes to cyber attacks. The first is the shift to remote and hybrid working that took place as a result of the global pandemic.
This shift means that many staff are no longer protected by the security measures traditionally in place within their office environments. Forced to access digital resources over a domestic internet connection at home, they are more likely to fall victim to an attack.
The second key force is the increasing ease with which attacks can be mounted. Where once cyber criminals required significant technical skills, they can now make use of a range of tools or services being offered online, including ready-made access to corporate networks via breached credentials.
Important preventative steps
Faced with these challenges, there are some key preventative steps that all organisations should take to improve their level of cyber security. These steps are also frequently required by cyber insurance providers before a policy can be put in place.
The steps include:
The decision to insure
The decision of whether to take out a cyber insurance policy depends on a range of factors but should be carefully considered by all organisations. The financial costs associated with an attack can be significant and, in some cases, bring the target to its knees.
It is important to carefully review the types of cover on offer and the requirements that the insuring party will place on the organisation when it comes to deploying security measures.
The threats posed by cyber criminals are going to continue to evolve and grow in coming years. Taking time now to review insurance options and the protective measures that are in place is vital, whilst is taking proactive steps to avoid a breach in the first place.
Scott Hesford is the director of solutions engineering, Asia-Pacific region and Japan, at BeyondTrust.
Comments powered by CComment