Australia’s Federal Parliament, Toyota Australia, Melbourne’s Catholic Archdiocese and cardiology unit Melbourne Heart Group have all been in the news as recent victims of cyber attacks. Who’s next?
It might well be you or your business. According to the Verizon 2018 Data Breach Investigations Report these industries top the list of targets globally
- professional services
But that doesn’t mean that other sectors are safe. Connectivity between organisations means owners of businesses of all types and sizes need to be concerned about the security of their own operations and those of their suppliers, customers, peers and competitors.
“Cyber risk is now so present in almost all aspects of business operations that it is impossible to protect against completely, but exposures can be mitigated. Business operators need to change their mindsets to adjust to this new reality.”
Robyn Adcock, Cyber Technology Practice Leader at Gallagher
Why every business is a potential target
In commentary in the Australian Financial Review James Turner from CISO Lens, a forum for chief information security officers of large Australian organisations, warns: “If you are hoarding customer data, you'll be targeted. If you're generating insights on your users, you'll be targeted. If you are creating and delivering value, if you are relevant, if you have a trusted relationship with your customers and suppliers and are in regular communication with them, you'll be targeted.”
Yes, cyber criminals are harnessing ever evolving technologies, including artificial intelligence (AI) and machine learning, internet of things (IoT) connectivity, cryptocurrency transactions and Cloud security, in mounting their attacks.
Still, with exploitation of user credentials the most common tactic according to the Verizon report, it’s the human factor that poses the biggest threat to cyber security. Businesses need to train their staff to recognise phishing attempts to gain information and vulnerabilities in digital networks where access needs to be isolated and protected.
Time and money
Business owners, even if they are sole operators, also need to invest in safeguarding their enterprises.
- Time in identifying what needs to be protected and carrying out the organisation of transferring data to the Cloud, for example, limiting access to only those who absolutely need to use the relevant information and using dual factor password protection. The Australian Cyber Security Centre provides a free guide of the Essential Eight steps to mitigating cyber security.
- And a monetary investment in the form of budget for cyber security training and practical measures, which may in some cases be outsourced to specialists, and insurance cover provided to help deal with an actual security breach and the costs involved. These could range from enforced suspension of operations to reputational damage limitation and encompass everything from ransom payment to restoration of lost data.
“Cyber insurance is designed to meet a variety of different challenges that can arise in the event of a data breach,” Adcock says. “We can help businesses proactively manage their risk exposures.”
Talk to a Gallagher cyber specialist about how we can help you limit your cyber security exposure.
Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient’s industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers’ control.
Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312