The estimated value of cyber-crime losses in Australia last year was $3.1 billion. It is estimated that well over 120,000 cyber-crime incidents occurred between January 2021 and December 2022. These statistics are likely underestimated as many instances of cyber crime go unreported.
While the Optus and Medibank breaches steal the headlines, the stark reality is that the overwhelming majority of victims of cyber crime are small and medium-sized businesses. On average, a small business can expect to suffer a $40,000 loss per cyber-crime breach and a medium business can expect an $88,000 loss.
While some businesses may be more susceptible to cyber criminals, the fact remains that everyone is a potential target. It was very recently reported that an earthworks business based in Grafton, New South Wales suffered a $1.2 million loss to cybercrime. Of course, this only reflects the loss of cash from the bank account. It does not take into account the loss of business reputation and the stress suffered by the business owners in dealing with the fallout caused by the attack.
As insurance companies are currently making a loss on their cyber security insurance products, and it is exceptionally difficult for the Australian government to effectively deal with criminal gangs based overseas, it is up to business and individuals to ensure they are cyber aware and cyber secure.
But they don’t have to do it alone. In fact, the community becomes more cyber safe as more people become cyber aware. This is very similar to the concept of ‘herd immunity’ implemented during the COVID pandemic.
Here are some of the ways you and your business can become cyber aware:
- Regularly check in at cyber.gov.au to see the latest cyber-crime alerts. The greater the awareness of the latest trick or scam, the less likely people will fall for it. There is a reason why we don’t see the Nigerian Prince scam anymore!
- Train your staff about how to spot potential cyber attacks and what they should do if they encounter a threat. Many cyber attacks rely on exploiting human emotions so that people click links without thinking. Proper training creates learned responses that defuse these potentially dangerous situations.
- Make a plan about what to do if a cyber attack occurs. Swift and decisive action in the first hour of an attack can drastically mitigate the financial damage. Having a clear chain-of-command detailed in a plan will allow rapid action. Pre-planned communications with staff and external stakeholders will ensure that any reputational damage from the fallout of an attack can be minimised.
To learn more about cyber crime and get further practical guidance about how to protect your business, please join us on 2 November at 10-11am for our Data Protection and Cyber Security Event