The average total cost of a cyber data breach in Australia last year was $3.35 million per breach. That’s $163 per lost or stolen record, according to IBM’s 2020 Cost of a Data Breach Report. That’s due to each breach taking 296 days to identify and contain.

IBM is working with different data than the Australian Cyber Security Centre. That centre says cybercrime’s average bill for a company on our shores is $276,000.

Despite the difference, the fact remains that cyber-breach costs are increasing, with businesses in finance, technology, and professional services suffering the most significant bills.

Vulnerabilities of SMEs

About 60% of cyber breaches affect small-to-mid-sized enterprises, according to the Federal Government.

And the situation worsened due to the pandemic, according to the Verizon Business Data Breach Investigation Report, with the shift to more remote working meaning businesses have struggled to roll out uniform IT security practices.

Every 10 minutes, another Australian business suffers a cyber breach. However, half of SMEs overall had spent less than $500 on cybersecurity per year. So cyber thieves are betting on such companies lacking resources, experience, or policies for protection. They’re primarily after online banking credentials and social security numbers, and they also lock up data for ransom.

Hackers get in through networks, cloud platforms, or mobile devices. Their methods? They’ll use email and phishing scams, tap into unencrypted passwords, or insert themselves into a two-part transaction to steal data. It’s worth it for them – the going rate for an email address with a password is $3.23 on the Dark Web. PayPal and Microsoft 365 details fetch higher prices.

Impacts not just financial

Under the Privacy Act 1988, you must notify the Office of the Australian Information Commissioner if your company suffers a cyber data breach that involves individuals’ personal information, including that of your customers, and is likely to cause serious harm. You will also need to let affected parties know. That won’t bode well for customers’ trust in your brand.

As well as the financial costs, indirect impacts include:

  • Business disruption from the loss of data as well as lack of access to your data
  • Information, revenue, and productivity losses
  • Equipment damage
  • Damage to the livelihoods of your staff as you shut down operations and stand them down
  • Increased costs to raise debts
  • Higher insurance premiums
  • Reputational damage – a devalued trade name
  • Loss of intellectual property.

Australian operations were hit recently in a cyberattack on the world’s largest meatpacker, JBS, with staff stood down as the company scrambled to rebuild its IT system. That followed another attack on the largest fuel pipeline in the US, which saw bowsers dry up across the country for almost a week.

How to thwart potential breaches

IBM’s report found most cyber breaches at Australian companies were due to malicious attacks (57%) rather than a system glitch or human error. Just one-fifth of Australian organisations have fully automated their cybersecurity systems.

Your business can work to stop breaches in their tracks by:

  • Installing quality antivirus software and ensuring it’s renewed before expiring
  • Automating your cybersecurity with artificial intelligence. You’ll be 27% faster in responding to breaches
  • Having solid policies and training (including refreshers) in place to reduce human error leading to breaches
  • Ensuring multi-factor authentication is part of your processes to boost security and protect your data
  • Updating your systems and software, plus backing up your data regularly
  • Conducting security audits with your disaster recovery plans ready to go
  • Ensuring staff follow best practice for password ‘hygiene’: having a different password for every device or system, and using alphanumeric symbols and special characters.

And if you’re thinking you’re safer when you upgrade your computer hardware, beware of what happens to your old equipment. Are your company’s hard drives and other data-carrying media destroyed before the gear goes to a recycler? As this Information Age story explains, it can expose businesses to a different dimension of data breaches.

So, wouldn’t it give you peace of mind that you’d done as much as you can on your end plus have access to 24/7 incident response expertise should you suffer a breach? That’s a benefit of having a cyber liability insurance policy that covers incidents and data breaches from the time you notify us, right through to resolution. Most insurers, as part of the policy coverage, also offer access to a wide range of specialist services such as IT specialists in forensic investigations, law, credit monitoring, public relations, call centre, and mail house services.

Talk to us to sort out the best policy for you – there’s quite a range from which to choose. Such policies also generally protect your business from claims of data breaches, including those involving sensitive customer information. You could also be covered for costs relating to extortion, business interruption, investigation, and data recovery, plus PR and crisis management. It’s about doing your best to be among the one in four SMEs that cyberattacks can’t reach.