By Karen McDonald
Associate Director – Professional Risks, Accountancy Insurance
In an era dominated by technology, businesses find themselves not only grappling with the demands of the market but also waging a silent war against a formidable adversary - cybercrime in Australia. This insidious threat knows no boundaries, infiltrating industries ranging from construction and retail to restaurants, leaving a trail of financial losses and compromised data in its wake.
To provide some perspective on the scale of the problem, more than 22 per cent of businesses in Australia experienced a cyber security attack during the 2021-22 financial year, compared to almost 8 per cent in 2019-20, according to data released by the Australian Bureau of Statistics (ABS) in June of this year.
The ABS data also revealed that the most common types of cybercrime attacks in Australian businesses were phishing (55 per cent), malware (24 per cent), and ransomware (17 per cent). These attacks can compromise the confidentiality, integrity, and availability of your business data and systems, resulting in financial losses, reputational damage, legal liabilities, and regulatory penalties. 34 per cent of businesses reported loss of time in managing cyber security attacks, 18 per cent reported downtime of service, while 17 per cent reported a loss of staff productivity.
Some of the more high-profile data breaches that occurred in 2022 were:
In 2023, some more high-profile data breaches were:
• Latitude Financial Data Breach, March 2023
• HWL Ebsworth Data Breach, April 2023
• PwC Data Breach, June 2023
• NDIS Data Breach, June 2023
• Melbourne’s Royal Women’s hospital, October 2023
Regardless of the size of your business. It is becoming increasingly apparent that it is no longer a case of if but when you may become a victim of cybercrime.
Artificial Intelligence (AI) and Cybercrime in Australia
As AI has developed, so has its role in Cybercrime in Australia expanded. Until recently, discerning fraudulent activities proved straightforward, as hackers often betrayed themselves through poor grammar and spelling errors. However, the landscape has undergone a paradigm shift with the advent of advanced resources such as ChatGPT, thereby transforming cybercrime dynamics entirely.
Presently, the identification of phishing emails has become a more formidable challenge, owing to the refined grammar and spelling utilised by perpetrators.
Elevating the sophistication further is WorkGPT—an iteration of ChatGPT tailored explicitly for hackers. This specialised tool facilitates the construction of persuasive phishing emails with the added capability of selecting nuanced tones, be it amicable or professional. In essence, WorkGPT elevates the art of cyber deception to unprecedented heights.
How can you protect your business from cybercrime?
There are things you can do to protect your business from cybercrime. To counter these sophisticated phishing attacks, you will need to educate your staff on how to recognise and report suspicious emails, implement strong authentication and encryption measures, and regularly back up your data. You also need to monitor your network for any signs of compromise and have a robust incident response plan in place.
However, even with all these preventive measures, you may not be able to eliminate the risk of falling victim to a cyber attack. This is where cyber insurance can play an important role to cover your business from the potential losses and expenses that may arise from a cybercrime.
Tips for Improving Cyber Security
Although it might seem like cybercrime only affects big businesses in Australia, it impacts smaller businesses just as easily. Not only can a cyber breach cause major disruption to your business, but the costs involved on your operations, reporting and reputation can be substantial. Fortunately, these are costs which would be covered under a cyber insurance policy.
Insurance should be seen as an additional layer to your security process, not an alternative. Tips to help improve security:
1. Make sure operating systems and security patches are up to date.
2. Apply multi-factor authentication (MFA)
3. Regularly backup and store those backups offline.
4. Create complex passwords; always upload the Apple or Android security updates.
5. Have a standalone cyber insurance policy like Cyber Shield.
Cyber Shield is more than an insurance policy. It is an innovative cybersecurity initiative focused on a partnership with a network of experts and resources that can help you prevent, detect, and respond to cybercrime. As well as empowering your businesses to navigate the aftermath with resilience. Cyber Shield steps in to mitigate damages, recover compromised data, and guide your business through the intricate process of rebuilding digital trust. This holistic approach recognises the reality that, despite the best preventive measures, businesses may still face cyber threats.
In an era where cyber threats are almost inevitable, Cyber Shield stands as a beacon of support, offering comprehensive solutions tailored to the specific needs of your business.
Reporting a Breach
Rather than trying to hide a breach, today most companies will come out and say something like:
We have experienced a ransomware attack. Here’s what we’re doing to contain it, remediate it, protect consumer information, and this is how we’re planning to strengthen our systems going forward to make sure it doesn’t happen again.
What do I need to consider in relation to a cybercrime incident?
Businesses should assess their preparedness for a cybercrime incident and review their response and business continuity plans. You will need to consider what plans and resources do you have in place to deal with:
• Theft of data
• Extortion threats (Ransom demands)
• Loss of business income
• Restoration costs
• Security and privacy breaches
• Legal obligations
• Social Engineering fraud
While insurance will not prevent a cyber attack it should be seen as an additional layer to your security process. Cyber Shield provides comprehensive insurance cover for the above points, as well as a team of dedicated professionals who can assist you to manage the cybercrime incident.
What does Cyber Shield cost?
Each business is unique and therefore the cost and the policy will be tailored to suit your individual requirements. Accountancy Insurance currently works with ABA Advice Beyond Accounting to offer clients Audit Shield insurance, which is why we wanted to make you aware of Cyber Shield. A solution for businesses of all types, not just accountants!
If you would like to learn more about what you can do to protect your business from cybercrime, and get an obligation free quote for Cyber Shield, simply ask the Accountancy Insurance team on: pienquiries@accountancyinsurance.com.au