Reducing the impacts of cyber attack

7 June 2022

Cyber attack, data loss and cyber extortion are top risks for Australian practices. Planned Cover highlights the impact of cybercrime, some of the cyber hygiene practices that can reduce threats, and the role of cyber insurance.

Cyber attack, data loss and cyber extortion have been ranked as the top three risks for directors and officers in Australasia by a significant margin, with regulatory risk coming in at number four, according to the latest Directors’ Liability Survey from Willis Towers Watson and law firm Clyde & Co. Of particular interest in the survey was how high cybercrime ranked as a concern amongst business leaders, yet the uptake of cyber insurance remains low and slow whilst attacks have increased at an alarming rate.

We live in a volatile world with cyber crime becoming the modern-day ammunition. In fact, on 28 April 2022 the Australian Cyber Security Centre advised that Australian organisations should urgently adopt an enhanced cyber security posture because of the heightened threat of Russian state-sponsored cyber attacks on countries seen to be supporting Ukraine. So, the threat is real and it’s at our doorstep like never before.

Cyber Hygiene

Microsoft’s latest Digital Defence Report identified five cyber hygiene practices that can have a major impact on reducing threats. These five practices can protect you from 98% of cyber attacks:

• Enable multi-factor authentication – introduces several authentication checks before granting access and requires successful user authorisation before you can proceed.
• Apply least privilege access – restrict or limit access to only those who legitimately require it. Similarly, limiting users to ‘just in time’ access, to limit network entry points and prevent attackers from making their way through your network.
• Keep software up to date – always use the latest software versions. They are updated to fix bugs and specifically strengthen their security and integrity so that it becomes harder to hack the software. Out of date software is often compromised.
• Use anti-virus software – Install reputable and tested anti-virus software on all devices. Use cloud-connected anti-virus services for the most current and accurate detection capabilities.
• Protect your data – understand the nature of the data you collect and keep, and where you are storing it. By understanding its sensitivity, you can assess the risk associated with data exposure, put in place a range of steps to classify and protect it. Think twice before sharing it!

Cyber Insurance

However, should your systems still be penetrated, you will most likely suffer losses, potentially huge financial ones. Do you then put your hand in your pocket to help recover data and reinstate systems? Without insurance, will your business be able to afford this to the extent that it may be required? What about the subsequent loss to your practice each day it cannot operate? This is where cyber insurance certainly has a role to play in managing the risk in your business and helping you get back on track.

Here’s a snapshot of what it may cover:

FIRST PARTY LOSSES

Business interruption losses – Covers financial loss you may suffer because of a cyber-attack.

Cyber extortion – The costs of a cyber-attack, such as hiring negotiation experts, covering extortion demands and prevention of future threats.

Electronic data replacement – The costs of recovering or replacing your records and other business data.

THIRD PARTY LOSSES

Security and privacy liability – Damages to your reputation resulting from data breaches, such as loss of third-party data held on your system.

Defence costs – Funds the legal costs of defending claims.

Regulatory breach liability – Covers legal expenses and the costs of fines arising from investigation by a government regulator.

Electronic media liability – The costs of copyright infringement, defamation claims and misuse of certain types of intellectual property online.

EXTRA EXPENSES

Crisis management expenses – Provides cover for the costs of managing a crisis caused by cyber hackers.

Notification and monitoring expenses – The costs of notifying customers of a security breach and monitoring their credit card details to prevent further attacks.