Fighting digital fire risks on all fronts

Australian households and businesses increasingly depend on the internet. More people are working from home, forcing us to communicate differently and change how we access services and information. Cybercriminals are seizing the opportunities and no sector of the Australian economy is immune.

How do we protect ourselves and work together to beat criminals?

We fight them on multiple fronts.

Developing a strategy to protect ourselves at home and in our businesses is increasing in urgency.

The Federal Government stepped up to stem the rate of attacks with its Ransomware Action Plan in October 2021. It’s also considering legislating mandatory cybercrime reporting and a cyber extortion offence. It’s reassuring to see the highest level of government acting quickly.

So, let’s explore how to protect our strata ecosystem.

What is cybercrime?

1. Criminal activity targeted – infecting computers with viruses and other malware. 
2. Criminal activity using computers to commit other crimes – using computers or networks to spread malware, illegal information, or illegal images.

Cybercriminals may even use both together – targeting computers with viruses before using them to spread malware throughout a network.

While simple everyday technology tools improve our connections, eg high-speed internet and file sharing, opportunities are also arising to exploit the human factor, leading to new crimes and old crimes via new ways.

The Australian Cyber Security Centre (ACSC), received over 67,500 cybercrime reports in the 2020/21 financial year, up nearly 13%. Astonishingly, this equates to a cyber-attack being reported every 8 minutes.

Over 75% of pandemic-related cybercrime reports involve Australians losing money or personal information. Source: ACSC

Cybercrime is becoming more sophisticated

Cybercrime can be anything from email and internet fraud, identity fraud and theft of financial data, to cyberextortion (including ransomware attacks) and cyberespionage, where hackers access data illegally.

Leading Cyber insurance underwriters Emergence Insurance, say ransomware is the second-highest reported incident, representing 31% of claims, just ahead of business email compromise.

Business email compromise (BEC) As more of us work remotely, the 2020/21 financial year recorded the average loss per event for BEC at over $50,600 (1.5 times higher than 2019/20) as criminals develop more enhanced and streamlined methods. Source: ACSC

But it’s not only the financial loss from attacks we need to worry about. The reputational and operational impacts could be more severe and longer lasting.

Protection is critical

Every business with a website or electronic records is vulnerable to cybercrime. Strata managers certainly tick this box.

Aside from the cost of ransom payments or IT repairs, there are the time costs of reporting an attack, managing claims and remediating impacted customers. And let’s not forget handling any reputation damage.

Cyber insurance is one way to help with the financial losses from a cyber attack, including:

•      revenue loss

•      ransom payments

•      data recovery

•      legal claims

•      crisis management.

Insurers also emphasise the importance of quick action after a cyber attack. Key forensic evidence can be lost if an incident isn’t reported immediately.

Now might be the time to ask a good broker to help you navigate the market and find coverage that suits your business.

Cyber insurance has transformed from once being hard to sell to now becoming harder to buy. Increasing claim numbers mean coverage and capacity are becoming scarcer.

Jeff Gonlin, EmergenceInsurance

Is insurance the only protection?

Insurance supports you after an attack, but what about prevention against attacks?

There’s more rhetoric certainly around cyber resilience. Accenture Security defines the cyber-resilient business as one that “brings together the capabilities of cybersecurity, business continuity and enterprise resilience. It embeds security across the business ecosystem and applies fluid security strategies to respond quickly to threats…”

When applied, it’s a strategy that can help strengthen a customer’s belief in your business as being robust and sustainable.

There are also simple steps to manage your security.

•      Ensure passwords are strong and secure and use multifactor authentication if possible.

•      Apply the latest security updates to devices and run weekly anti-virus/malware scans.

•      Only give system access to people who need it.

•      Don’t open unsolicited emails and think before downloading attachments or clicking links even if the email is from someone you know.

•      Secure electronic devices before leaving them unattended.

Criminals may even use offline methods to target businesses, so:

•      monitor your bank accounts for unusual activity or transactions

•      consider using a PO Box, or make sure your mail is secure.

Training employees to think and act with security in mind is the most underfunded activity in cybersecurity budgets. Source: AccentureSecurity

What can we do right now?

Everyone needs a comprehensive technology and data protection strategy.

Speak to your broker about how cyber insurance can form an important part of that strategy to protect you and your business.