When business owners think about online security, they usually to think at either end of the spectrum.
- They either think online security is easily dealt with by anti-virus software
- or they think it’s all about hacking – and they will never be hacked!
The reality is it’s neither.
Our last post showing you how to protect a small business online, illustrates how you can protect your businesses from the many risks of conducting business on the internet.
This post is the second in the series.
Planning for your business’ online security is not just smart business sense, it’s also a requirement of applying for cyber insurance.
Less than 2% of small and medium-sized businesses have cyber insurance, but almost all conduct business online.
And they carry the responsibility and legal liability for the security of those transactions, and the consequence of interruption to their business.
And according to the Australian Government, the yearly cost to Australian industry as a result of cybercrime is over $1 billion – and that doesn’t include issues of business interruption, data loss or the damage to reputation if customer details are leaked or stolen.
3 Reasons Why You Should Consider Cyber Insurance
Because traditional insurance hasn’t – and won’t – keep up with the speed of change in cyberspace.
On the web, new platforms spring up overnight and businesses change their communication channels with customers on a regular basis. But traditional insurance doesn’t reflect the complexity of these platforms, the nature of the web, or the jurisdictions in which these transactions are completed.
Online issues such as security breaches and hacking are almost always uncovered after they have occurred.
Trying to protect your business and fix customer backlash about the loss of security without being prepared is like trying to put a genie back into a bottle.
The issue for a business that doesn’t handle online risk well is not just what happens at the time.
If you face a cyber issue and people feel as if their online security has either been breached or is in danger, your reputation takes a hit for the next transaction. For many businesses we talk to, they have struggled to sustain their online business after being the target of cyber fraud, hacking or other risks.
So where are the risks for your business?
There are four main areas that impact most Australian small-to-medium-sized businesses.
They are not just hazardous websites or online areas to stay clear of.
Rather, they’re danger zones that will have an instant and lasting impact on your business.
You may not know this, but when it comes to your business’ fire-and-contents insurance, the only loss covered is the box in the corner. Your physical server is covered. Your data is not. This means your customer records and history, order history, transactions, business IP, protocols and processes are all at risk. According to CIO online, this data loss and disruption costs Australian businesses $65 billion a year.
Business continuity and downtime.
Almost all Australian businesses use IT in the everyday course of their business. Even if that’s just doing the books, you will be on a computer at some stage. Being compromised in an online space means you need to take time normally spent on your business and put it into recovering whatever you’ve lost. That business continuity costs you time and money. More information on Business Continuity Planning can be found here.
Loss of sensitive data and privacy breaches
If you do face a hacking issue, then your business now faces a customer base who trusted you with their personal details. It only takes three or four customers to take to social media to generate bad publicity and, as we all know, business is too competitive to run that risk. In fact, cyber insurance cover cost is going to be the same as getting a publicist getting in to fix your new PR problem.
Storing your files or accounts online has become a streamlined way of managing your IT. It’s cheap, easy and accessible from anywhere. But the less you know about your data’s storage, the more of a danger zone it is. We suggest clients look at their cloud arrangements in terms of:
- Location of data – where is it stored, and which privacy laws govern them? If this is Australia, you have a legislative requirement when storing personal data. If the data is outside Australia, what is your obligation according to that country’s laws?
- Security – how secure is our data,
- Service level agreements (SLA’s) – how well do we understand the SLAs that govern our usage of cloud services?
- Multitenancy – how many other people have the ability to access our information?
The good news is that if your business addresses these issues, then you are already preparing for the requirements of cyber insurance.
We can talk to you about your cyber insurance needs – in fact, you only need to answer five or six questions in order to get a quote.
In the meantime, we encourage you to review what you have in place.
You need to be investing now to take care of yourself in the future.