With an average loss of $275,000, 80% of Australian SMEs targeted by a cyber-attack go bankrupt within 12 months.

You may think that data breaches and cyber-attacks are a big end of town problem but SMEs are increasingly being targeted as “easy pickings” by criminals attempting to steal customers’ sensitive information, or make a quick buck holding your computer network to ransom.

Not only do SMEs often have less robust security measures in place, but for many small businesses paying up if hit with a “ransomware” attack  is often the most cost-effective option, particularly where recent back-ups aren’t readily available.
 
Unfortunately if you do find yourself at the receiving end of an attack, there is a very real chance that you could go out of business.
                                 
According to Shannon Sedgewick, the CEO of GM Risk Group, 80% of Australia’s small businesses that fall victim to a cyber-attack will go bankrupt within 12 months.
 
“It takes on average 23 days to resolve a cyber-breach within a small to medium business, at a cost of around $275,000,” says Sedgewick, speaking at the 2018 Asia Pacific Legal Frontiers Seminar in Sydney. “I don’t know of many SMEs that can afford to lose more than a quarter of a million dollars in less than a month.”
 
But what are SMEs doing about it? Sadly, not much.
 
“There’s a lack of cyber-security culture within Australian companies,” Sedgewick says. “It’s seen as only necessary within the IT departments but it’s a whole-of-business issue.”
 
While identifying areas of potential vulnerability, putting practices in place to minimise risk and drawing up incident response plans should the worst happen are a must for every business, Sedgewick also suggests investing in cyber-attack insurance.  Currently less than 15% of Australian SMEs are covered by insurance in the event of a cyber- attack.
 
“Cyber-attack, statistically, is far more likely to happen than any other emergency event like a flood, a fire or a terrorist attack or any other sort of business loss or theft via physical means,” he says.
 
 
Cyber-attack, statistically, is far more likely to happen than any other emergency event like a flood, a fire or a terrorist attack or any other sort of business loss or theft via physical means.