Cyber-attacks, hacks, breaches, data loss, DDoS, ransomware and more are a fact of life, but so far it seems only the big end of town, not SMEs, receive the publicity. It is a case of when, not if, the Australian government will introduce mandatory data breach notification revealing the true extent of the pain.
Norton by Symantec has done two proactive things. First, it has released a new independent survey of over 1000 Australian SMEs (small to medium enterprises from 1 to 250 employees) revealing that 19% have experienced a cyberattack, with expectations that that number will increase over the next 12 months. Second, it is throwing its commercial weight behind ways to make it easier for SMEs to get cyber insurance to help recover from attacks.
The impact of a cyberattack on a small business’ brand, reputation, and business operations can be catastrophic. While many small businesses recognise the importance of planning to prevent cyber attacks, the Norton survey reveals many are still unfamiliar with cyber insurance and its benefits, and may not realise their normal business insurance does not cover loss from cyberattacks.
“Cyber insurance is an emerging trend as it presents an avenue for small businesses to become more resilient to a wide range of cyber risks and the costs associated with data breaches and business interruption. It can be a business’ safety net when all else fails,” said Mark Gorrie, director, Norton Business Unit, Pacific region, Symantec.
{loadposition ray}
The survey provided the following key findings:
- 19% of SMEs have been a victim of at least one cyberattack;
- 14% now have cyber insurance and 19% of them have now made claims;
- 19% are planning to get it, especially businesses with a server (33%) compared to those without a server (6%);
- Cyber insurance take-up increases with the size of the business. Once business turnover reaches $1 million+ or IT spend reaches upwards of $6000 per annum, the likelihood of having cyber insurance increases to 30%+;
- Cyberattacks (28%) and loss or theft of data (18%) are key reasons for purchasing cyber insurance; and
- Cyber insurance average policy price was less than $2900, although it varied by turnover and risk.
Symantec Insurance partner CGU offers cyber insurance protection for SMEs and stated, “CGU understands how important it is for small businesses to protect themselves from the threat of a cyber attack. CGU Cyber Defence provides broad coverage and includes a cyber incident response service.”
“Cyber security has become one of the biggest issues facing small to medium size businesses and individuals today, and it’s not going away. At CGU, our role is to help our customers mitigate against potential risks that could essentially put them out of business,” said CGU national underwriting manager, Professional Risks, Najibi Bisso.
Norton and Symantec Cyber Insurance are partnering with leading insurers globally to build customised product bundles and services for joint customers to improve their cyber security and financial resilience. This enables businesses to reduce the risk associated with cyberattacks and quickly recover from the financial cost of cyber events.
“Australian businesses of all sizes are vulnerable to attacks. However, small businesses are traditionally more vulnerable because they often don’t have the same security resources and budgets as their big business counterparts,” said Gorrie.
Norton says SMEs need to consider three main areas.
First, using Symantec’s security products and services to help protect the business.
Second, to build a culture cyber security awareness among staff, implement security controls before an attack occurs, prepare an incident response and a recovery plan
Third, alleviate some of the cost via cyber insurance policies.
