E-commerce and online retailers are becoming more common as Australians utilise the internet to improve the reach of their business. However, with any new type of business comes new types of threats.
Cybersecurity is now a significant issue for retailers who use information and communication technology. As this would describe most Australian businesses today, everyone needs to be aware of the risks they face from a sophisticated cyberattack. Criminals are stealing, changing and destroying information and causing significant damage to Australian businesses regardless of their size.
So how big are the risks to your business from cyberattacks, what measures are there to prevent one and who are the main culprits conducting them?
How big is the risk?
The Australian government has defined cybersecurity as measures relating to the confidentially, availability and integrity of information that is processed, stored and communicated by electronic or similar means.
According to the government’s cybersecurity strategy released in 2009, cyberattacks on business have become an industry themselves, with the production, sale and distribution of malicious codes being described as “prolific”. The risks from malicious coding developed by organised criminals to the Australian economy has been assessed as “high”. This is particularly the case for financial transactions and sensitive commercial or personal identity information.
Big companies were more likely to report having fallen victim to a cyberattack, according to report from PricewaterhouseCoopers, but this was mainly due to having better detection systems. Small businesses often had a perception that they were not targets, but hackers often viewed small companies as a means to get into their much larger partner companies sharing the same systems.
Telstra found that in Australia, 36 per cent of organisations were completely unprepared for a cybersecurity incident on their business, and had either a delayed response or had to undertake urgent measures to combat the incident if one occurred.
What measures are there to prevent an attack?
Prevention and detection are the two best ways to counter a cyberattack on businesses. But with only 28 per cent of Australian companies planning to increase what they spend on IT security this year, many businesses are leaving themselves exposed to more sophisticated attacks.
However, many companies are taking the issue to the highest levels of their organisation. Executives in Australia are now understanding the risks of cybersecurity, and preventing them has become part of the agenda of half of the C-level executives surveyed in a Telstra report on the issue in 2014. Around 51 per cent of CEOs, COOs and CFOs are signing off cybersecurity policies, this shows how seriously companies are beginning to take the issue.
According to the Telstra report, 67 per cent of banking and finance companies were first considering IT security implications during the design phase of the project. They were making protection of their data and finances part of the planning stage.
While prevention is the best means of defence for a cyberattack on a company, having a type of business insurance that takes care of the costs if an attack does happen, can help minimise the effects of the disruption.
Who are the main suspects in cyberattacks on business?
Theft from a cyber attack or from unauthorised use of a company’s information systems can happen from someone both outside and inside a business.
The report from PricewaterhouseCoopers found that cyber thefts inside an organisation came from current employees who were overwhelmingly the biggest culprits at 35 per cent. Former employees were also common sources of cyber theft at 30 per cent, and current contractors or service providers stood at 18 per cent.
While from outside the business hackers, organised criminals and competitors represented 63 per cent of people launching cyber attacks on businesses.
To discuss insurance if your business is a victim of theft, contact your local MGA office and speak to an expert today.