Scroll through the news and it won’t take long to find a story about a cyber-attack or data breach at yet another unfortunate company. With corporate cybercrime on the rise, it’s time for startups to learn from the mistakes of others.
You don’t want to think it will happen to you until it does. That’s the message that businesses of all shapes and sizes are realizing as cybercrime becomes more insidious and sophisticated than ever before.
While the horror stories may be alarming to founders, there are important lessons to be learned in cybersecurity. Startup Daily caught up with Jane Mason, Head of Product, Channels and Risk BizCover to find out what startups can do to better protect their data and systems.
How not to risk your reputation
While educating your team on best practices should be the first line of defense when it comes to protecting company data from outside threats, sometimes that’s not enough. According to Jane, the disproportionate majority of cyber-attacks in Australia are largely due to human error.
“Both the Optus and Medibank attacks were largely due to a lack of care and human error,” Jane tells Startup Daily. “Optus has left an application programming interface (API) – which is essentially a gateway to information – open online, allowing hackers to access sensitive customer data.
“The Medibank attack, which exposed sensitive medical records of thousands of people, happened simply because a single clerk at the counter lacked multiple identification.
“About 95 percent of cybersecurity incidents are due to human error, and while humans do make mistakes, that number is just too high. It is important that every employee remains hyper-vigilant when it comes to cybersecurity.”
Speaking of the data breach at Medibank, Jane says the company’s lack of cyber insurance put them in even hotter water than Optus, making their financial and reputation recovery significantly more difficult to manage.
“Medibank probably wouldn’t just be faced with the cost of recovering the data and investigating the attack,” says Jane. “But they should probably consider the costs of business interruptions and the costs of strengthening cyber defenses. Then there’s the cost of dealing with the PR breakdown and the potential to be held liable for fines and legal fees associated with the victims of the attack.
It is a good lesson for startups that have much less infrastructure and money at their disposal to recover quickly. When preventive tactics fail, cyber liability insurance can play a key role in ensuring that businesses are not left penniless and abandoned.
“While reputational damage is only one of four types of damage you could face as a result of a cyber incident – the others being financial, operational and intellectual property damage – it could certainly be the most devastating,” says Jane.
The big myth about ‘the big boys’
Jane says many emerging startups and small businesses have been misled by the notion that cyberattacks and data breaches “only happen to the big guys.”
“Attacks are increasingly shifting to smaller companies as they are exposed as easier targets,” says Jane. “Many lack dedicated IT staff, fail to identify the weaknesses in their systems and underestimate the risk.”
As Australia’s leading online small business insurance provider, BizCover provides startups at all stages with the tools to combat the financial and reputational consequences of a cyber-attack. According to recent BizCover dataCurrently, only 20 percent of SMEs have cyber insurance, compared to 35 to 70 percent for larger organizations.
“I would say to the people who don’t think they’re being targeted to reconsider their risk,” says Jane. “If your company has online systems to manage business or you handle important data that could be compromised, the answer is yes, you are at risk of a cyber-attack.”
Plan for the worst, be the best
There are plenty of things that many startups are already doing to tighten their cybersecurity practices. This includes measures such as keeping up to date with updates and device upgrades, enabling secure data encryption, and creating a security policy with anti-virus protection.
If you find yourself suddenly caught in the whirlwind of a cyber-attack, it’s best to prepare a plan for the incident even happens. Jane encourages the use of the Cyber incident response plan template provided by the Australian Cyber Security Center (ACSC).
The next step is to confirm and classify the incident and activate what you would call your Cyber Incident Response Team (CIRT). Then collect evidence, document activities and actions, and implement a recovery action plan. Finally, you’re ready for a recovery plan and post-incident assessment so it never happens again.
While cyberattacks are often unavoidable, how you react to the aftershocks is the defining moment.
“It is the ability to deal with the consequences of an attack that determines whether a company will survive a data breach,” says Jane. “The lack of trust and likely loss of customers is never a good thing for any company, no matter what size.”
To find out what’s covered and compare competitive quotes from leading insurers online, visit bizcover.com.au.
This article is brought to you by Startup Daily in partnership with BizCover.
The provision of the claim examples is for illustrative purposes only and should not be taken as an indication of how any potential claim will be assessed or accepted. Coverage for claims on the policy is determined by the insurer, not BizCover.
This information is general only and does not take into account your objectives, financial situation or needs. It should not be relied upon as advice. As with any insurance, cover is subject to the terms and exclusions set out in the policy terms and conditions. © 2023 BizCover Pty Limited, all rights reserved. ABN 68 127 707 975; AFSL 501769
Image Feature: Supplied