Get a Quote

  • Max. file size: 32 MB.
  • This field is for validation purposes and should be left unchanged.
16
May

Cybersecurity Failures and Financial Risk – A Warning for Small Businesses

Cybersecurity might seem like a concern only for large corporations, but recent events have shown that small businesses are equally vulnerable. Many SMEs view cybersecurity as too complex, costly, and time-consuming to set up and manage alongside their daily operations.In May last year, FIIG Securities, a fixed-income broker, suffered a significant data breach due to inadequate cybersecurity measures. Hackers accessed their systems undetected for nearly three weeks, stealing about 385GB of sensitive client data. This breach affected about 18,000 clients, exposing personal information such as names, addresses, and financial details. ​

The Australian Securities and Investments Commission (ASIC) has since taken legal action against FIIG Securities, highlighting the importance of robust cybersecurity practices for all businesses, regardless of size.

Small Businesses Are Prime Targets

It’s a common misconception that cybercriminals only target large organisations. In reality, small businesses often lack the resources for advanced cybersecurity, making them attractive targets.

Any business with internet-connected computers is exposed to cyber risks such as malware, denial-of-service attacks, or data breaches. More than nine in 10 breaches are attributed to human error.

The Australian Cyber Security Centre (ACSC) reported that in the 2022-2023 financial year, the average cost of cybercrime for small businesses was $46,000. That marked a 14% increase from the previous year.

As well, an ACSC survey reveals that more than six in 10 small businesses have experienced a cybersecurity incident, yet only 36% have a cybersecurity plan and actively train their staff.

Meeting Basic Cybersecurity Standards

To protect your business, implement fundamental cybersecurity measures. ASIC expects businesses to take reasonable steps based on the nature of the data they hold.

Key measures include:​

  • Updated firewalls and antivirus protection:
    Regularly update and monitor your systems to defend against threats.
  • Regular patching of software:
    Ensure all software is up to date to address known vulnerabilities.
  • Multi-factor authentication (MFA):
    Add an extra layer of security to your login processes​.
  • Documented incident response plans:
    Have a clear plan to respond to cybersecurity incidents.
  • Access to cyber expertise:
    Whether in-house or outsourced, ensure you have experts to manage your cybersecurity.

Neglecting these fundamentals can leave your business exposed to significant risks.​

The Role of Cyber Insurance

While the above measures provide a foundation, cyber insurance serves as an extra safety net to mitigate cybercrime risks. Cyber insurance can cover legal costs, data breach responses, client notifications, business interruptions, and more.

It can also cover crisis management costs, such as legal support, IT forensics, credit monitoring, and communications, as well as extortion response, lost income from business interruption, data restoration, and third-party liability for claims from regulators or affected clients.

Other benefits often bundled with policies include free or discounted access to cybersecurity experts, threat intelligence, IT vulnerability checks, and training—services that can reduce your risk and lessen the impact of a cyberattack.

However, it’s crucial to understand that insurers may limit or deny coverage if basic security controls are not in place.

Insurers now expect businesses to have essential cyber protections like multi-factor authentication, secure backups, staff training, and a response plan. If your setup doesn’t align with your policy—or hasn’t kept updated with changes like new systems or additional data—your claim could be denied, even if the policy is active.

Regular policy reviews help ensure you remain covered as your business and cyber risks evolve. They also keep you informed of any new exclusions or requirements, like extra cover for social engineering. Staying current can protect your eligibility and enhance your response if something goes wrong.

Staying Compliant and Secure

To maintain compliance and protect your business:​

  • Sign up for alerts from the ACSC: Act promptly on notifications to stay ahead of threats​.
  • Train staff regularlyEducate your team on phishing, password security, and incident reporting​. For instance, your finance staff may play a crucial role in your front line defence against breaches.
  • Conduct annual cyber audits or risk assessments: Use internal resources or third-party experts to identify vulnerabilities​. Start with this official cyber security checklist.
  • Document and review IT and data protection policies: Keep your policies up to date and ensure they reflect current best practices.

Partnering for Protection

As your broker, we understand the unique challenges small businesses face in the digital landscape. We are here to work with you to assess your cybersecurity needs, ensure you meet necessary standards, and find the right insurance solutions to protect your business.​

Take proactive steps to strengthen your cyber defences. Partner with professionals who understand cybersecurity and insurance to protect your business from threats and financial loss.

 

Article Supplied by OneAffiniti

Photo by kelvn

More Articles

16
May
Avoid the Pitfalls: Risk Essentials for Real Estate Agents

More than half of Australian real estate professionals say client expectations have intensified in the past two years.

Read More
16
May
Covering Your Bases When Hiring from Overseas

If you’re running a farm in Australia, you understand the reality of the seasonal labour crunch.

Read More
16
May
Cybersecurity Failures and Financial Risk – A Warning for Small Businesses

Cybersecurity might seem like a concern only for large corporations, but recent events have shown that small businesses are equally vulnerable.

Read More
11
Apr
The Housing Crisis is Hitting Australian Business Hard

Australia’s housing crisis has emerged as the priority social issue worrying business leaders in 2025.

Read More
11
Apr
Tradie’s $90K Loss: The Cost of One Missed Policy Renewal

A single mistake cost Billy, a young Sunshine Coast plumber, his ute, tools, and nearly his livelihood.

Read More
11
Apr
Post-Cyclone Alfred Checklist Every Aussie SME Should Have

Cyclone Alfred hit a 500 km stretch of Queensland and the NT in early March, cutting power to over 240,000 properties and damaging homes, commercial buildings, and infrastructure.

Read More

Get in touch today.

Book an appointment, lodge a claim or contact us to find out more about our full range of insurance services.

Book An Appointment Submit a Claim Contact Us