Many SME owners believe that they don’t have to worry too much about cyber crime. After all, why would Internet villains bother with small fry when they could go after heavy hitters such as Yahoo, eBay or Uber?
Unfortunately, cyber criminals take an equal-opportunity approach. While they can and do target large organisations, they also realise such organisations have the resources to spend big on cyber security. It’s often quicker and easier for them to extort NZ$1,000 from 1,000 small businesses they’ve infected with ransomware than to try to hack into a larger business in the hopes of earning NZ$1 million. It’s the cyber attacks that devastate multinationals or large government departments, such as Petya and WannaCry that get all the media attention. But, without generating any headlines, tech-savvy crooks target millions of SMEs each year.
“Microsoft claims cybercrime now costs the global economy around US$500 billion (NZ$752 billion) annually and that 20 per cent of SMEs have been targeted by malicious actors ”
While it’s hard to get reliable figures (no business wants to advertise the fact it’s been hacked), it’s estimated around half of all cyber attacks target SMEs. Even worse, the number of cyber attacks has increased exponentially in recent years. Globally, it’s estimated that 4,000 ransomware attacks occur and 230,000 new malware samples are produced every day. Microsoft claims cyber crime now costs the global economy around US$500 billion (NZ$752 billion) annually and that 20 per cent of SMEs have been targeted by malicious actors.
What is cyber crime?
Cyber crime includes all of the following:
- Identity theft
- Cyber stalking
- Use of malware
- Use of viruses
- Computer and network hacking
- Online scams
- Phishing scams
- Information theft
Everybody who uses a computer– or even just a mobile phone or iPad – for work purposes can be a victim of cyber crime.
What happens if my security is breached?
The two cybercrimes SME owners most need to be worried about are ransomware attacks and data breaches. A ransomware attack involves a business’s files being encrypted and thus rendered unusable. In the digital age, this can quickly result in operations grinding to halt, which in turn soon means revenue stops flowing in. Business owners often pay a substantial but not excessive ransom (the average demand is around NZ$1,000) to have their files unencrypted. In the case of a data breach, the cybercriminal steals data (think addresses and bank account details) about a business’s customers or, more rarely, staff. This data is then used for identity theft, fraud or extortion.
But I’ve got a firewall!
It’s both possible and advisable to minimise the risk of a cyber attack. This is done through some combination of the following:
- Installing reputable anti-virus programs
- Having secure data back-ups
- Firewall technology
- Data encryption
- Introducing and enforcing sensible policies around the use of equipment (especially BYOD gear) such as laptops and smartphones
Unfortunately, even if you do have all the right systems and software in place, your business is still at risk. If major banks, governments and even Google can fall victim to cyber attacks, anyone can.
What does cyber insurance cover?
Fortunately, while you can never 100 per cent guarantee your cyber security won’t be breached, you can insure against the costs that often arise in such a situation. A cyber insurance policy can cover you for expenses related to the following:
- Interrupted business
- Hiring negotiators and paying a ransom
- Recovering or replacing records or data
- Liability and loss of third-party data
- Defence of legal claims
- Copyright infringement
- Misuse of intellectual property online
- Crisis management and monitoring
- Prevention of further attacks
This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.
Information is current as at the date the article is written as specified within it but is subject to change. Steadfast Group Ltd and Steadfast Network Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Steadfast Group Limited.