Happy new year (well, we’re in Feb now, close enough)! Welcome to 2023, which is going to be a huge year filled with cybersecurity discussions.
You may have heard about the numerous high-profile cyber-attacks in Australia in 2022, including those on Optus and Medibank. In light of these events, many business owners have been asking us about their current security protections and how they can improve their security. With the recent increase in fines for data breaches, it’s more important than ever to prioritize cybersecurity. That’s why we wanted to provide this article to give you a head start on the new year.
The 4 major security topics that you’ll see as a theme of 2023 are:
Compliance & Fines – More and more companies are going to require your business, and the businesses you work with, to hold formal qualifications around data handling and Information Security. The Australian government has passed a bill that increases the penalty for companies suffering from serious or repeated data breaches: maximum fines have been increased from $2.22 million AUD to $50 million AUD, 30% of an entity’s adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information, whichever is greater. It’s important that businesses act now and ensure they have the foundations in place.
Security Tools – Simply having Anti-Virus and Anti-Spam isn’t going to keep you protected anymore. As hackers learn new techniques to bypass these technologies, your organisation is left open to risk. It’s important that your cyber security posture improves over time to include newer technologies such as Managed Detection and Response (MDR), which is effectively outsourcing your cyber security protection and having it monitored and managed by a team of experts. In nearly all cases, this isn’t your IT provider but an additional specialist cybersecurity company that they have partnered with.
It’s important to note that these newer technologies are now appearing on your cyber insurance disclosure checklist and will affect your coverage and premiums.
User Awareness Training – Did you know that 80% – 93%* (depending on the source) of cybersecurity breaches are caused by users being targeted by social engineering tactics? Did you also know that it has been suspected that the Optus hack was due to user error, such as accidentally exposing a system containing user data to the internet? Not a very sophisticated hack, but it’s important that you have documented policies & procedures, and that users are trained on identifying risky behaviour. The 3 pillars of cyber security are People, Process & Technology, and without all 3 you will have major gaps.
Insurance – Just as we’ve seen in the United States, it’s becoming more difficult to obtain insurance and be adequately covered without having the right systems in place. We commonly see coverage items excluded or insurance claims invalidated when a business doesn’t have the technology or processes it claims to have, either on purpose or by accident.
Our advice is to read and understand your insurance Product Disclosure Statement (PDS)! If you have technical questions about what protections you are using, your current security posture and what compliance is in place, please feel free to reach out. If you have questions about coverage and legal jargon, this is best discussed with your lawyers to ensure you are positioned correctly in the event of a cybersecurity incident.