Despite attacks on giant firms such as Optus grabbing the headlines, SMEs are increasing as the victims of cybercrime.

Just recently, the Actuaries Institute’s released their new Green Paper – Cyber Risk and the Role of Insurance, which analyses the vulnerability of organisations and the role of insurance in setting the best practice standards for cyber resilience.

 The Green Paper shows that despite government and businesses increasing spend on these protections, the losses are mounting, with $33 billion (AUD) reported in cybercrime losses in the past financial year, up 13% on the year prior.

“No organisation is immune, and government, business and insurers can no longer combat this issue in silos. SME business are a target due to the lack of knowledge resulting in their businesses being increasingly exposed with weaker defences in place.” The institute comments.

About half of these SMEs spend less than $500 on cyber security and only 20% of them have cyber insurance the institute data shows.
To protect your business, good quality cyber hygiene and security comes first, and then cyber insurance will provide restitution if risks break through these first lines of defence the Institute also states.

SHC Insurance Brokers CEO, Brett Graves, has seen firsthand the effects of phishing attacks on his clients, often unrecoverable. SHC construction clients are particularly vulnerable due to the nature of client payments being transacted through email, they have become a high-level target of Cyber fraud due to the value of one-off transaction amounts involved.

SHC recommend the following processes be put in place to reduce the risk:

Always call the client prior to sending an invoice for payment where amounts are considerable, advise your client do not pay an invoice where it has not been verbally confirmed. Even then, the parties undertaking the fraud can still intercept the email and change bank details. For this reason, advise your client if they receive a request for payment where the bank details differ, do not pay the invoice before confirming back with yourselves. Often, a cyber-attack may occur months after they have gained access to your system, waiting, and monitoring your systems and learning your weaknesses.

SHC also recommend speaking to your IT provider about installing a multi-factor-authentication software to protect your passwords and systems. This software once installed will make your passwords easier to manage in the modern-day society where we have so many different systems and passwords. Phones and emails are the most two common areas of risk of an attack for the SME market.

For more information, please contact our team on 1300 550 665 for further advice and Insurance protection available.