Cost of cybercrime to Australian businesses

Australian businesses are regularly targeted by a range of malicious cyber activity as well as accidental or intentional security breaches by employees, which can result in ongoing damage to their profitability, reputation and competitiveness. The variety of malicious cyber activity can be anything from online vandalism and cybercrime, through to the theft of commercially sensitive intellectual property and negotiation strategies, and sometimes just plain carelessness.

Too often companies of all sizes think it can’t or won’t happen to them – but think again, with statistics reporting figures as high as one in three businesses being targeted annually[1].

According to the latest ACSC[2] report released by the Australian Government in October, there were 14,804 cyber security incidents affecting Australian businesses between July 2015 and June 2016, 418 of which involved systems of national interest (SNI) and critical infrastructure (CI).

The average cost of cybercrime incidents to SMEs was around $276,323[3], with more than 53% of that cost incurred on detection and recovery, and an average resolution time of 23 days. For large organisations, the average damage bill leapt to a staggering $4.9 million, with a 31-day resolution period[4].

The ACSC report outlined the top trends in targeting and exploitation techniques over the last 12 months:

  • Spear Phishing remained a firm favourite with malicious hackers, where organisations are sent a seemingly genuine email from a known contact which releases malware once the link or attachment is opened. Disturbingly, the ACSC reported the scams are becoming far more convincing and difficult to detect, resulting in adversaries gaining access to large amounts of sensitive personal and corporate information.
  • Ransomware continues to plague Australian businesses with programs such as “Cryptolocker” encrypting documents or large network files and directing the victim to a website where they need to pay a “ransom” in bitcoins to unlock their files. More frustrating is the consequence of not paying – files can be systematically destroyed before their eyes.
  • Web seeding compromises websites frequented by users of an organisation. It is often targeted at government or defence organisations, compromising think tanks and foreign policy, but can also be used to target large organisations involved with critical infrastructure.
  • Malvertising exploits users by infecting their computers with malicious code via seemingly innocuous advertising. These ads are becoming more sophisticated and can use legitimate company domains and as such can be nearly impossible to identify.

In addition to malicious hacking, cybercrime risks affecting businesses can be the result of nothing more sinister than simple human error. How often have we read in the paper or seen on TV the sad story of the employee who left his phone or laptop in a cab, losing valuable customer databases, compromising credit card details, medical or other sensitive customer records? Or the employee who accidentally emailed a customer contact spreadsheet instead of the company newsletter revealing customer details and financial records to their entire database?

The costs facing a business are not limited to restoring IT hardware and software; massive financial burdens can also be incurred through:

  • companies needing to implement further mitigation strategies,
  • paying ransoms,
  • loss of custom as a result of breaches of trust,
  • lost productivity,
  • cost of lawyers and PR consultants to minimise damage to reputation,
  • loss of business continuity and the financial risks arising from that.

In some cases, the prohibitive costs to restore business operations can mean the difference between maintaining a profitable business and struggling to stay afloat.

Companies large and small are seeing the value in managing cyber risk, through a risk management strategy and a solid cyber insurance policy such as Emjay Insurance Broker’s Cyber Defence Policy which protects them against the prohibitive costs of repairing IT systems, restoring customer data, business interruption and third party claims such as Breach of Privacy, Defamation or fines resulting from cybercrime exposure.

To understand the risk facing your business, contact Emjay Insurance whose expert brokers can provide you with the advice and services to ensure your business is managing the risks from cybercrime incidents, and is adequately insured and protected should the worst happen. Contact us on (02) 9796 0400 to discuss your needs.

[1] Australian Government staysmartonline.gov.au

[2] Australian Cyber Security Centre Threat Report October 2016

[3] Australian Government staysmartonline.gov.au

[4] HP Enterprise Security report 2015

Mario Cuenca :