The economic impact of a solitary cybersecurity incident can be extremely severe.
Australia should tighten
cybersecurity
Guidelines to mitigate backlash from assaults, particularly for small and medium-sized businesses (SMEs) that often lack insurance, according to experts.
The economic consequences of a solitary cyber incident can be extremely damaging,
Susie Amos
, principal and head of commercial lines at Finity Consulting Pty Ltd., told
Insurance Asia
For small and medium-sized enterprises, in certain situations, even a portion of this expense could result in bankruptcy.
A reliable and cost-effective accreditation system would provide small and medium-sized enterprises with a clear roadmap for enhancement and help the marketplace assess their readiness levels, as stated throughZoom.
Six of 10 Australian SMEs have reported having experienced a cybersecurity incident, leading to an average cost of $32,000 (AU$50,000) for small businesses and $40,320 (AU$63,000) for medium enterprises, according to the Australian Cyber Security Centre.
Amos stated that small and medium-sized enterprises (SMEs) face annual cybersecurity insurance costs ranging from $448 (AU$700) to $32,000 (AU$50,000).
Kristine Salgado
The cyber broker leader at Marsh & McLennan Companies, Inc., stated that numerous small and medium-sized enterprises (SMEs) incorrectly believe their cybersecurity risks are minimal due to not managing substantial amounts of personal or health information.
“The misconception is that [cyber risk] only applies to data,” Salgado told
Insurance Asia
In an independent Zoom interview, he stated, “However, it pertains to system uptime, the capability of conducting business through technology, and maintaining a good reputation.”
Lindsey Nelson
The head of cyber development at CFC Underwriting Ltd., stated that 89% of business expenses in Australia over the last 12 months have been attributed to ransomware attacks.
Worldwide, the statistic stands at 71%, with the United States reporting a rate of 65%. She highlighted this alarming fact about Australian enterprises. Given that Australia heavily relies on small and medium-sized enterprises (SMEs), these entities frequently suffer as secondary casualties in widespread cyber-attacks targeting bigger organizations.
There were 2.6 million Aussie SMEs as of June 2024, or 97.2% of all businesses, according to data from the Australian Bureau of Statistics.
Nelson said SMEs are more likely to pay a ransom to get their business up and running.
Salgado pointed out that systemic risks arising from widespread dependence on key service providers pose an additional challenge.
CrowdStrike potentially caused significant disruptions; however, numerous businesses with robust business continuity strategies mitigated the impact. “This might be a greater issue for insurers—figuring out how to assess these large-scale losses,” according to Salgado.
The Australia Cyber Security Act 2024 requires companies with an annual revenue of AU$3 million ($1.92 million USD) to disclose ransomware incidents, according to Nelson, which means approximately 98% of Australian businesses are exempted from this requirement.
In 2020, insurance premiums increased dramatically, causing significant pain for businesses with constrained cybersecurity budgets, according to Nelson. Although circumstances have since gotten better, maintaining this progress relies on upholding strict underwriting standards, she noted.
They seek assurance that the market understands what it’s doing regarding cyber insurance,” she stated. “They desire consistent and predictable terms from one year to the next, enabling them to plan their budgets effectively without unexpected fluctuations.
Amos suggests that the extended economic effect of underinsurance among Australian small and medium-sized enterprises might amount to tens of billions of dollars over time.
She stated that the government must significantly increase investments in bolstering Australia’s national cybersecurity defenses.
