Insurance + Risk Services

Staying on top of cybersecurity

Cybercrime shows no signs of slowing down in Australia. And while attacks on big business may hog the headlines, smaller enterprises are squarely in the sights of hackers and cyber criminals.

The Federal Government’s online cybercrime reporting service, ReportCyber, received close to 94,000 reports in FY2023, according to the Australian Signals Directorate Cyber Threat Report.

Hackers and cyber criminals are intent on disrupting and defrauding, and their methods are increasingly sophisticated. It’s becoming apparent that artificial intelligence can enable even so called ‘junior hackers’ to create sophisticated social engineering campaigns, featuring fake voice and video.

Even the smartest and most sceptical of targets are at risk of being taken in

How? Because it’s easier than ever for perpetrators to home in on potential victims, courtesy of the fact that millions of ordinary Australians have had their personal information – email addresses, mobile numbers and personal identity data – leaked to the dark web.

The cybercrime supply chain

It’s because of this that businesses are now at increased risk of ‘supply chain attacks’. This kind of attack affords perpetrators access to the systems and data of the original victim’s partners and customers. More hackers are starting
to focus on this section of the ‘market’ – to the point that supply chain attacks may soon be offered as a service on the dark web.

Top three threats to business

According to the Annual Cyber Threat Report 2022–23, developed by the Australian Signals Directorate


Email compromise


Business email compromise fraud


Online banking fraud

Don’t make yourself and your business an easy target

Cybercrime is also becoming increasingly common among smaller businesses because they present a much easier target for criminals. According to Accenture’s Cost of Cybercrime Study, 43 per cent of cyber attacks are aimed at small businesses…with just 14 per cent of those prepared to defend themselves.

Cyber criminals also view Australian small to medium businesses as easy prey. Not only do they lack the resources of big business to defend themselves, but also because they simply don’t expect to be attacked.

Strengthening your defences

A major attack can be disruptive and expensive, and while cyber insurance can help defray the costs, prevention is always better than cure. There are several ways businesses can strengthen their defences to help reduce the likelihood of their falling victim.

First among these for small to medium enterprises is adopting the ‘Essential Eight’ – a series of straightforward mitigation strategies developed by the Australian Signals Directorate.

The Essential Eight

While these strategies aren’t fool proof, any small business that implements them will make themselves a much harder target for cyber criminals. Hackers will be more inclined to look for easier victims whose systems make them a softer target.

1 Application control

2 Patch applications

3 Configure MS Office macro settings

4 User application settings

5 Restrict administrative privileges

6 Patch operating systems

7 Multi-factor authentication

8 Regular backups

Does your business have a ‘cyber owner’?

While it might not be a full-time role, appointing a cyber owner is an effective way to ensure suitable cybersecurity measures are implemented and reviewed regularly, according to Steadfast’s Chief Information Security Officer, Alexander Moskvin.

“Unless someone is accountable for taking the actions…it’s easy for it to be everyone’s business but nobody’s task.”

Alexander Moskvin, Chief Information Secturity Officer, Steadfast

Keeping an eye on the security posture of your information and communication technology suppliers and partners is also a smart move, Moskvin says.

“Unfortunately, there are plenty of insecure systems on the market, so it pays to do your homework.”

Cover to help your business recover

A major cyber attack or data breach can be disruptive and expensive. Traditional insurance policies don’t cover losses to your business as a result of a cyber attack; should the worst occur cyber insurance is there to help your business bounce back and rebuild.

Key benefits of cyber insurance

  • Financial compensation to recoup costs that result from a security breach – including business interruption, IT recovery costs and regulatory fines
  • Compensation for clients and customers who suffer financially or emotionally as a result of stolen data
  • Extends to include expenses for legal representation and costs that incorporate forensic and legal counsel
  • Covers the cost of professional consultants to assist in repairing damage to your company’s brand and reputation

There are a wide range of suitable covers available for small and medium enterprises, and larger organisations. You can click here to learn more, or contact us to find a policy that’s right for your risk profile.

EngInsure are here to support you with important insurance advice and solutions to reach the best possible outcome for your business. For assistance, please get in touch with one of our specialists:

T: 1300 854 251

The contained information is general advice only. It is not intended to take the place of professional advice. Before acting on this information you should consider the appropriateness of this advice to your particular objectives, needs and financial objectives. Please contact Whitbread Associates Pty Ltd | ABN 69 005 490 228 | License Number 229092 trading as EngInsure Insurance & Risk Services for further information or refer to our website.