Small to medium enterprises in Australia are not doing enough to protect their confidential cyber information from thieves, according to the Centre for Internet Security (CIS) at the University of Canberra.
Released on December 6, the Cyber Insurance Research Paper revealed 65 per cent of SMEs have not encrypted or safeguarded their their sensitive or confidential electronic information.
“Businesses know to lock up their doors and protect their physical assets, but the widespread lack of digital protection is leaving them vulnerable to theft and exploitation from cyber criminals,” CIS Co-director Nigel Phair said.
The report identified three key areas of risk for data breaches in Australian organisations. Negligence and human factors accounted for 35 per cent, while 29 per cent were due to system glitches and the remaining 36 per cent caused by a purposeful malicious attack.
Businesses are encouraged to review their business insurance policy to ensure they are covered in the event of cyber theft.
To assess the risk of a data breach, organisations need to consider five key issues highlighted by the CIS report.
This includes identifying the business’s tangible assets and evaluating the ability to survive without them.
It is also important to establish whether the organisation is principally a B2B or B2C operation, evaluate the difficulties of a fully automated IT system and assess the data breach policies within the business’s operational market.
Australian businesses are legally obligated to protect their customers’ personal information along with their own organisational data. Therefore, it is vital to have procedures in place to stop the loss of this information.
In the event of a cyber attack, businesses are encouraged to be honest with consumers so they may take steps to protect their personal information from being misused.
If you believe your organisation may be at risk of cyber theft and you would like more information on data breach and business interruption cover, contact the team at MGA Insurance.