Cyber-attacks are ranked as one of the top three business risks globally for 2021 (Allianz Risk Barometer, 2021).
Engineering businesses rely on technology more than ever before, and the global pandemic has only served to heighten this dependency. It is this reliance on tech which has seen cyber-attacks become a highly lucrative crime, and drive cyber criminals to become increasingly sophisticated in their methods of attack.
It does not matter how ‘secure’ you think your IT systems are; all businesses of all sizes are vulnerable to attack.
Protect your engineering business from serious financial losses by ensuring you have Cyber Insurance in place.
The current cyber risk landscape
Recent reports illustrate just how severe the current threat of cybercrime is to businesses.
Key trends:
- The pandemic has caused an even greater push towards digitalisation and remote working, generating colossal tech vulnerabilities, and even more opportunities for system intrusions (AGCS).
- Cyber criminals are using increasingly creative hacking techniques e.g. automated scanning to find security gaps, attacks on poorly secured routers, and ‘deepfakes’ – where realistic images or videos of individuals are modified or falsified by artificial intelligence to commit fraudulent activity.
- Ransomware incidents are increasing in severity and sophistication, with hefty extortion demands (Cyber Risk Trends Report, AGCS).
- Privacy regulations and fines and penalties for data breaches continue to increase.
- Cyber-attacks are no longer isolated to companies with vast amounts of sensitive data. Cyber criminals are progressively targeting traditional industries through ransomware attacks and business email compromise scams, where invoices are unknowingly paid into fraudulent bank accounts.
The facts:
- When Coronavirus first peaked in April 2020, the FBI reported a 300% increase in cyber incidents.
- Cyber-crime is now estimated to cost the global economy over $1 trillion, up from 50% just two years ago (McAfee).
- Despite these alarming figures, 56% of surveyed companies confessed they do not have a plan to prevent and respond to a cyber incident…(AGCS).
What can happen to your business in an attack? What do you stand to lose?
Cyber-attacks can come in a variety of forms. Ransomware, phishing attacks, malware and business email compromise (funds transfer fraud) are among the most common, and all of these can have a serious impact on your business and bottom line, not to mention the personal emotional toll.
The impact of a cyber-attack:
Business interruption
Without access to integral IT systems, businesses can be completely paralysed, unable to trade without their key systems (e.g. emails, Zoom, client records, files, payment systems, operating systems). This downtime can have a serious financial impact.
Direct financial losses
Cyber-attacks often result in major financial losses. Companies may have no choice but to pay large ransoms in order to regain access to their data, and business email attacks may result in large sums of money being inadvertently paid into fraudulent bank accounts – the list goes on.
Forensic investigation costs
Specialist consultants are often required to discover the origins in order to try to recover data or pursue the criminals. This expense can amount to tens of thousands of dollars.
Incident response costs
IT consultants and forensic IT specialists often need to be engaged to assist in IT infrastructure and data recovery, as well as restoration costs. They also investigate the origins of the attack. This expense can reach into the tens of thousands of dollars.
Third party compensation payments
Should any clients or business partners be adversely affected by a cyber-attack, legal proceedings can ensue, and businesses can be ordered to pay substantial claims for damages. Legal expenses and compensation claims can amount to thousands of dollars.
Statutory fines and penalties
Australia has mandatory data breach notification laws, making it compulsory to report a privacy breach to the Office of the Australian Information Commissioner. Breaches of this legislation can result in fines of up to $360,000 for individuals and $2.1 million for businesses.
Reputational damage
If your clients or the news media get wind of an attack, it can be highly damaging for your brand. It may lead to a lack of trust or confidence in your brand, and result in current or potential clients going elsewhere. It can also see the need for PR specialists to mitigate damages where possible.
Did you know? Cyber-attacks are NOT covered by a standard business insurance policy. You are not protected against these losses if you do not have Cyber Insurance.
Cyber Insurance claim example
The following claim example illustrates just how expensive a cyber-attack can be…and the value of insurance.
Cyber incident: Business email compromise claim
Background
Hackers gained unauthorised access to the email account of a director of an engineering business. This was achieved by harnessing account credentials available on the dark web.
Once the hacker infiltrated the email system, they began using the company director’s account to email clients with outstanding invoices, advising that all future invoice payments should be made to a new bank account. To make this request appear legitimate, the hacker created fake invoices visually identical to those of the engineering firm, with altered bank account information.
Multiple clients of the engineering firm went on to pay their invoices into the fraudulent bank account. These payments amounted to a sum of $56,000 by the time the business owner discovered something was wrong.
Outcome
The engineer claimed the business’ losses against their Cyber Insurance policy. Their policy covered the direct financial loss suffered as a result of the hacking, and fraudulent invoice payments. It also covered the forensic investigation costs associated with the incident, and the cost to re-secure the engineering firm’s IT systems.
Claim payment: $80,000
Many businesses struggle to get back to where they were before an attack, but sadly, some never recover, and are forced to close their doors.
Make Cyber Insurance part of your risk management plan.
Cyber Insurance plays an integral role in minimising the collateral damage of a cyber-attack.
Following a cyber incident, your insurer and all specialists engaged will lead a coordinated cyber incident response, helping establish a sense of calm, and a methodical way forward in what is a highly stressful, fast evolving situation. Cyber Insurance can ensure the best outcome is achieved for your engineering business.
Cyber Insurance is designed to cover:
First party costs (costs to your business)
Incident response costs – cover for costs involved in responding to a cyber incident in real time. This includes IT security and specialist forensic support, legal advice in relation to breaches of data security, PR specialists to mitigate brand damage, and the cost associated with notifying any individuals e.g. clients or suppliers who have had their data stolen.
Cyber extortion – cover for costs incurred to respond to fraudsters attempting to extort money from you by threatening to carry out a cyber-attack or by threatening to expose or destroy data after compromising your network. E.g. ransomware payments, or social engineering (otherwise known as CEO fraud or business email compromise), where attackers pretend to be a business owner or figure of authority, and trick a client or employee into sending funds to a fraudulent bank account.
System damage – cover for the repair and restoration of your data and applications in the event your computer systems are damaged as a result of a cyber incident. This is critical cover to get you back up and running.
System business interruption – cover to reimburse loss of profits and increased costs of working as a result of interruption to your business’ operations caused by a cyber event.
Note: Traditional business interruption insurance does not cover you for cyber incidents.
Third party costs
Network security and privacy liability – protection against third party claims for compensation arising out of a cyber event, e.g. transmission of harmful malware to a third party’s systems or failing to prevent an individual’s data from being breached. This includes cover for legal defence costs, and any damages ordered payable.
Regulatory fines – cover for the cost of certain statutory fines and penalties imposed on an organisation as a result of a data breach.
Media liability – cover for third party claims arising out of defamation or infringement of intellectual property rights.
Risk management measures are key to cyber-attack prevention
In addition to Cyber Insurance, the Australian Government has some excellent risk management and prevention resources to help you:
- Reduce the likelihood of an attack
- Minimise the severity of a cyber-attack
- Set yourself up for a faster recovery to get your business back on track
To access these resources, visit: https://www.business.gov.au/Risk-management/Cyber-security/How-to-protect-your-business-from-cyber-threats
EngInsure are here to support you with important insurance advice and solutions to protect your engineering business. Contact our team of specialists to ask about a tailored Cyber Insurance quote for your business:
T: 1300 854 251
E: info@enginsure.com.au
This article is not intended to be personal advice and you should not rely on it as a substitute for any form of personal advice. Please contact Whitbread Associates Pty Ltd ABN 69 005 490 228 License Number: 229092 trading as EngInsure Insurance & Risk Services for further information or refer to our website.
Please note: the above are common cyber insurance policy features, however, the list is not exhaustive and some features may not be offered by certain insurers. Please refer to the insurer-specific policy wording for cover inclusions, exclusions, terms and conditions.