Scroll the news and it won’t take long to find a story about a cyber attack or data breach on yet another unlucky company. With corporate cyber crime on the rise, it’s time for startups to learn from others’ mistakes.
You don’t want to think it’ll happen to you, until it does. That’s the message businesses of all sizes and industries are realising as cyber crime becomes sneakier and more sophisticated than ever before.
While the horror stories can be alarming for founders, there are important lessons to be learned around cybersecurity. Startup Daily spoke with Jane Mason, Head of Product, Channels and Risk at BizCover to find out what startups can do to protect their data and systems better.
How not to risk your reputation
While educating your team on best practices should be the first line of defence when it comes to protecting company data from outside threats, sometimes it’s not enough. According to Jane, the disproportionate majority of cyber attacks in Australia are largely due to human error.
“Both the Optus and Medibank attacks largely came down to a lack of care and human error,” Jane tells Startup Daily. “Optus left an application programming interface (API) – which is essentially a gateway to information – open online, allowing hackers to access sensitive customer data.
“The Medibank attack, which released sensitive medical records of thousands of people, occurred simply because one single desk support worker didn’t have multi-factor identification.
“Approximately 95 per cent of cybersecurity incidents occur through human error, and while people make mistakes, that number is simply too high. It’s important that every employee remains hyper-vigilant about cybersecurity.”
On the Medibank data breach, Jane says the company’s lack of cyber insurance landed them in even hotter water than Optus, making their financial and reputational recovery considerably harder to manage.
“Not only would Medibank likely have to deal with the cost of recovering the data and investigating the attack,” says Jane. “But they would likely need to account for business interruption costs and the expense of bolstering cyber defences. Then there is the cost of dealing with the PR fallout and the potential of being liable for fines and legal costs associated with the victims of the attack.”
It’s a good lesson for startups that have a lot less infrastructure and funds at their disposal to recover swiftly. When preventative tactics fail, cyber liability insurance can play a key role in ensuring businesses aren’t left penniless and deserted.
“While reputational damage is only one of four types of loss you could face due to a cyber incident – the others being financial, operational and intellectual property loss – it could certainly be the most devastating,” Jane says.
The big myth about ‘the big guys’
Jane says many emerging startups and small businesses are misguided by the view that cyber attacks and data breaches ‘only happen to the big guys’.
“Attacks are increasingly shifting towards smaller businesses as they are exposed as easier targets,” Jane says. “Many lack dedicated IT staff, fail to identify the weaknesses in their systems and underestimate the risk.”
As Australia’s leading online small business insurance service provider, BizCover provides startups at all stages with the tools to combat the financial and reputational consequences of a cyber attack. According to recent BizCover data, only 20 per cent of small and medium enterprises currently have cyber insurance, compared to 35 to 70 per cent for larger organisations.
“I would say to the people who think they are not targets to reconsider their risk,” Jane says. “If your business has online systems to manage business or you handle important data that could be compromised, then the answer is yes, you are at risk of a cyber attack.”
Plan for the worst, be the best
There are plenty of things many startups are already doing to tighten up their cybersecurity practices. This include measures like staying on top of updates and device upgrades, enabling secure data encryption and creating a security policy with anti-virus protection.
If you find yourself suddenly thrust into the whirlwind of a cyber attack, the best thing you can do is have a plan in place before the incident even happens. Jane strongly encourages the use of the Cyber Incident Response plan template provided by the Australian Cyber Security Centre (ACSC).
The next step would be to confirm and classify the incident and activate what you’d call your Cyber Incident Response Team (CIRT). Following that, collect evidence, document activities and actions and employ a remediation action plan. Finally, you’ll be ready for a recovery plan and a post-incident review so it never happens again.
While cyber attacks can often be unavoidable, how you respond to the aftershocks is the make-or-break moment.
“It’s the ability to deal with the consequences of an attack that separates whether a company will survive a data breach,” Jane says. “The lack of trust and the likely loss of customers is never a good thing for a business, no matter the size.”
To find out what’s covered and to compare competitive quotes from leading insurers online, visit bizcover.com.au.
This article is brought to you by Startup Daily in partnership with BizCover.
The provision of the claims examples are for illustrative purposes only and should not be seen as an indication as to how any potential claim will be assessed or accepted. Coverage for claims on the policy will be determined by the insurer, not BizCover.
This information is general only and does not take into account your objectives, financial situation or needs. It should not be relied upon as advice. As with any insurance, cover will be subject to the terms, conditions and exclusions contained in the policy wording. © 2023 BizCover Pty Limited, all rights reserved. ABN 68 127 707 975; AFSL 501769
Feature image: Supplied
Daily startup news and insights, delivered to your inbox.