Avoid Fines: Ensure Your SME Reports Hacker Payments

The Federal Government has put its planned ban on ransom payments to hackers in the ‘too-hard basket’. But what they’re doing instead should make even your small-to-medium-sized business take notice.

New proposed legislation could affect businesses across Australia, especially those with a $3M-plus annual turnover if the threshold is introduced.

Possibly from later this year, companies will be required to report any ransomware payments they make to the Australian Cyber Security Centre. This legislation is part of the government’s move to tackle the rise of cybercrime. It will also herald a new era of transparency in how businesses handle ransomware attacks.

Ransomware attacks are estimated to cost the Australian economy $2.6B annually. More than six in 10 SMEs are victims, but cyber attacks also impact their suppliers and customers. Ransomware is the second-most common cyber attack that SMEs experience (after phishing).

If your company has been keeping quiet about any payments made to hackers, it might be time to rethink that strategy.

The risks of Non-Compliance

Not complying with the planned regulations could lead to fines of up to $15,000, which business groups say could sink small businesses. They’ve argued it should only apply to those with a $10M-plus annual turnover. However, the Federal Government plans to overhaul privacy laws could impact SMEs with a turnover of less than $3M a year. However, this will be subject to further consultation.

Why risk that cost when you could easily just report the payments?

However, the ramifications go beyond financial penalties.

Businesses that fail to report ransomware payments could also face legal risks, including potential litigation if the breach leads to leaked customer data. As well, your brand’s reputation is at risk, particularly if your clients or customers learn you’d been hiding a breach.

Transparency isn’t just a legal requirement; it’s essential for maintaining credibility in today’s digital world.

Why Reporting & Transparency Are Key

Why is reporting these incidents so crucial?

By reporting ransomware payments, businesses help law enforcement and intelligence agencies better understand the threat landscape. Ultimately, it fuels more effective countermeasures against cybercrime.

As well, being transparent about your cybersecurity practices builds trust with your customers, partners, and regulators. Your business is seen to be taking the issue seriously and demonstrating a commitment to safeguarding their information. Trust is a priceless commodity in business – being more open about such threats helps boost your stakeholders’ confidence in your business.

Keeping Ahead of Cyber Threats

With the growing threat landscape, it makes sense to have a robust plan in place. Cybersecurity insurance can be a valuable part of your plan, offering financial protection, even access to 24/7 expertise with some policies. This approach helps give peace of mind should the worst happen.

As your insurance broker or adviser, we can help you navigate the complexities of cybersecurity insurance and find customised policy options to suit your specific needs.

Remember, when it comes to cybersecurity, the best defence is a good offence.