Internet usage continues to rise across the globe. Along with this, comes an increase in cyber-crime, which according to a report by Mcafee, is estimated to have cost the global economy USD$445 billion in 2013.
In Australia the cost is estimated at 0.08% of GDP per year, or approximately AUD$1.28 billion. The Mcafee report attributes this partly to the fact that, ‘Cybercrime produces high returns at low risk and (relatively) low cost for the hackers.’ In addition to taking out cyber insurance, businesses can proactively mitigate the risk of a cyber-attack by undertaking a range of measures including:
- Implementing business-wide cyber-risk management
- Seeking external specialist advice
- Identifying the type of data that needs to be secured
- Following the advice of ASIC’s REP 429
Don’t just leave it to IT Cyber-risk management should not only be considered the domain of the IT department. It affects the entire business and from the board down, the business needs to think about how to manage that risk and how to develop contingency plans if something does go wrong.
Seek external specialist advice The increasing variety and sophistication of cyber-crimes mean that independent specialist external advice on securing systems is essential for businesses. It is very rare that a business will have sufficient internal resources to address this problem fully both prior to and certainly following the loss.
Identify the type of data that needs to be secure Firms should conduct an audit of their network to ensure sensitive records have an appropriate level of security. Companies authorised under the Corporations Act to give financial advice, including brokers, are in the business of dealing with sensitive financial data. These companies hold personal information including name, address, date of birth – the very kind of data that could be the target of an attack.
Follow the advice of ASIC Report 429: Cyber resilience: Health check ASIC released Report 429: Cyber resilience: Health check (REP 429) in March 2015 to highlight the importance of cyber-risk management for ‘investor and financial consumer trust and confidence’. ASIC stated in the report that, ‘We are seeking to assist our regulated population in their efforts to improve cyber resilience. It is critical that our regulated entities manage their cyber risks.’ ASIC has indicated that it is going to be looking at its regulatory community and their cyber risk practices, specifically in relation to AFS licensees. The report outlined what AFS licensees need to do, including the importance of having structured and systematic systems in place to avoid cyber incidents, and the need for AFS licensees to regularly review their cyber risk profile, including their IT systems, and their disaster recovery.
If you are interested in cyber insurance, please feel free to contact us on 08 8391 6446 to discuss your options.