Reducing the impacts of cyber attack

Cyber attack, data loss and cyber extortion are top risks for Australian practices. Planned Cover highlights the impact of cybercrime, some of the cyber hygiene practices that can reduce threats, and the role of cyber insurance.

Cyber-attacks, data breaches, and cyber extortion remain among the top risks for Australian businesses, including architectural firms. The increasing frequency and sophistication of cyber threats underscore the need for robust cybersecurity measures. Despite this, many organisations have yet to adopt comprehensive cyber insurance policies, leaving them vulnerable to significant financial and reputational damage.

The cyber threat environment continues to evolve, with both state-sponsored actors and cybercriminals actively targeting Australian networks. The Australian Cyber Security Centre has issued multiple warnings regarding the rise in cyber threats, including an increase in denial-of-service attacks that have disrupted online services and impacted business operations across various sectors.

To mitigate these risks, architectural practices should adopt fundamental cybersecurity measures that reduce their exposure to threats. According to Microsoft’s 2024 Digital Defense Report, the following practices are essential for significantly improving cyber resilience:

• Enable Multi-Factor Authentication (MFA)
• Apply Least Privilege Access
• Keep Systems and Software Up to Date
• Use Anti-Malware Solutions
• Protect Sensitive Data
• Manage All Devices
• Adopt Zero Trust Principles
• Educate and Train Users
• Backup and Recovery Planning

While no single measure can eliminate cyber risk entirely, a layered, proactive approach to cybersecurity can substantially reduce the likelihood and impact of an attack.

The Australian Signals Directorate (ASD) is the Australian government department specialising in intelligence and cyber security.

They recommend the implementation of the Essential Eight mitigation strategies:

• Patch applications
• Patch operating systems
• Multi-factor authentication
• Restrict administrative privileges
• Application control
• Restrict Microsoft Office macros
• User application hardening
• Regular backups.

Implementing these strategies can significantly enhance an organisation’s cybersecurity position.

Considerations

1. Should your network have a cyber event, your business will most likely suffer a loss, potentially a large financial loss.
2. Could your business survive an extended loss of time, money or public relations capital?
3. As a business owner, do you then put your hand in your pocket to help recover data and reinstate systems?
4. Would your IT provider indemnify you?
5. What about the subsequent loss to your practice each day it cannot operate?

As a business owner, there is no hesitation to cover physical property (ie the office). Data is your intellectual property and also needs protection.

A comprehensive Cyber Insurance policy offers robust protection by covering both first-party and third-party losses. Policies can vary significantly in the benefits they provide, but typically they offer a broad range of coverages, including:

• 24/7 Cyber Breach Support – Immediate access to a team of cyber experts who can help you manage and mitigate the impact of a cyber event.
• Electronic Data Replacement – Provides cover for the costs associated with recovering or replacing your digital records and data that may be corrupted or lost due to a cyber event.
• Business Interruption – Provides cover for loss of revenue for the period your business operations are disrupted due to a cyber event.
• Cyber Extortion – Provides cover for the costs associated with cyber extortion, such as ransomware attacks due to a cyber event.
• Security and Privacy Liability – Provides cover for the damages and legal costs associated with a breach of third-party data on your system.
• Defence Costs – Provides cover for legal expenses incurred in defending your business against claims related to a cyber event.

By proactively addressing cybersecurity, architectural practices can protect their assets and ensure business continuity in the face of evolving cyber threats.