80 per cent of Australia’s small businesses that fall victim to a cyber-attack will go bankrupt within 12 months.
Wow. What a statistic.
It came from cyber risk expert, Shannon Sedgewick, the CEO of GM Risk Group, who was speaking at the 2018 Asia Pacific Legal Frontiers Seminar held in Sydney in early March.
“It takes on average 23 days to resolve a cyber-breach within a small to medium business, at a cost of around $275,000,” says Sedgewick. I don’t know of many SME’s that can afford to lose more than a quarter of a million dollars in less than a month.”
And what are SME’s doing about it? Sadly, not much.
“There’s a lack of cyber security culture within Australian companies. It’s seen as only necessary within the IT departments but it’s a whole of business issue.”
Listening to this was a room full of business leaders and small business owners. At the table I’m sitting at, talk has turned to who among us has fallen victim to either a cyber-attack or phishing scam. Everyone has a story. The man seated next to me is in the medical engineering industry he tells us about the time his company’s computer system was hacked by notorious online hacktivist group, Anonymous.
“I was in the middle of writing an email when my screen went blank and up popped their trademark symbol, (a Guy Fawkes mask). There was panic and no one, not even the IT guys knew what to do. It took us a couple days to get back on track and it cost a lot of money to fix.”
Since the attack, his company has changed its internet policies, all staff are given online safety training and it’s invested in the latest security software. If that fails, the company is protected with Cyber Attack Insurance. Which brings me to another worrying statistic.
Experts on Cyber Crime at 2018 Asia Pacific Legal Frontiers Seminar (far right: Shannon Sedgewick, the CEO of GM Risk Group)
It’s estimated that just 15% of Australia’s SME’s are covered by insurance in the event of a cyber- attack. It’s another a head-shaking tidbit of information from Shannon Sedgewick, and no he does not sell insurance. He’s just pulling his hair out wondering why so many businesses aren’t insured against what is being seen as the biggest threat to business.
“Cyber-attack, statistically, is far more likely to happen than any other emergency event like a flood, a fire or a terrorist attack or any other sort of business loss or theft via physical means. Cyber-attack is the easiest way for a criminal to access your data, your money,” says Sedgewick.
Newly elected NSW Business Chamber President, Nola Watson who has spent most of her career in risk management was also a guest speaker at the seminar. “Yes, you can look at insurance policies which are downstream solutions, and you need response plans whether you are talking about cyber security or a privacy breach but doing as much as possible up front to identify vulnerabilities and put practices in place is the starting point,” says Ms Watson.
Globally the cost of cyber-crime has exceeded the drug trade. Around the world cyber criminals have shown how easy it is to infiltrate and immobilise key infrastructure systems, government bodies and multi-nationals.
And while mass cyber-attacks such as Wannacry in 2017 which spread across 150 countries, infecting hundreds of thousands of computers with crippling ransomware get the headlines, it’s the small business operators that appear to have most to lose.