With a string of high-profile data breaches making headline news across the world, no company appears to be immune from the threat of a cyber incursion. Apple, Sony, JP Morgan Chase, British Airways and the European Central Bank are among high-end corporates to fall victim to hackers or malware, while the Australian Census fail of 2016 was, officially at least, attributed to a cyber attack.
According to Norton, cyber crime cost the Australian economy more than $1.2bn in 2015. And while construction hasn’t typically been considered amongst the at-risk sectors, the exposures are very real. Why? Because client, contractor and staff details, confidential project information, intellectual property and financial data are stored online and routinely accessed by multiple parties on a variety of devices via the cloud.
This data has real value for increasingly sophisticated cyber criminals, who have a variety of means of exploiting system vulnerabilities, including hacking, malware, ransomware and distributed denial of service (DDoS) attacks. Although 46% of cyber attacks are malicious, human error, such as losing data or equipment, is also a major factor contributing to 27% of breaches*. It all adds up to a threat that no construction company can ignore.
What are the consequences of a cyber breach?
Cyber security breaches can have a devastating financial impact on businesses. According to the latest research from IBM and the Ponemon Institute, the average total cost of a data breach to an Australian company is $2.64m. Amendments to the Privacy Act in 2014 also introduced the threat of fines of up to $1.7m to companies that breach sensitive customer data. Lost revenue through inability to trade could add to the virtual cycle of misery, too.
But cyber breaches can also have a negative impact on a business’s reputation, eroding customer trust that can take years to build. So what can you do to protect yourself?
5 steps to mitigating your cyber risk
Cyber insurance expert Peter Campbell, of CCF’s endorsed insurance broker Arthur J. Gallagher (AJG), says that a holistic approach to mitigating cyber risk should be top of every business’s agenda, and should consist of:
- Developing a cyber breach response plan, with clearly designated leaders
- Training and education for all staff on cyber security measures and responsibilities
- Creating a mobile device security policy
- Adopting best practice information security procedures, including firewalls, virus protection, encryption and offsite data back-up
- Taking out adequate insurance, including specific cyber liability cover
“Cyber insurance is highly recommended, but it is a safeguard to limit the damage to financial compensation, it can’t stop breaches from occurring," said Campbell.
He recommends business owners speak to a cyber insurance expert as part of their risk mitigation strategy. “Levels of cyber insurance take-up in Australia are lower than they should be – largely because the threat has sometimes seemed nebulous, and the terminology has been hard to understand.
“However, businesses cannot afford to ignore this threat. It’s very real, it’s affecting Australian businesses every day and it’s only going to become more prevalent.”