Cybercrime shows no signs of slowing down in Australia.

ReportCyber, the Federal Government’s online cybercrime reporting service, received close to 94,000 reports in FY2023, according to the Australian Signals Directorate (ASD) Cyber Threat Report 2022-2023.

While attacks on big business may hog the headlines, small enterprises are squarely in the sights of hackers and cyber criminals too.

These individuals are intent on disrupting and defrauding, and their methods are becoming increasingly sophisticated, according to Steadfast’s Chief Information Security Officer Alexander Moskvin.

“Artificial intelligence can enable even ‘junior hackers’ to create sophisticated social engineering campaigns, featuring fake voice and video,” he says. “Even the smartest and most sceptical of targets can potentially be taken in.”

“And it’s easier than ever for perpetrators to home in on potential victims, courtesy of the fact that millions of Australians have had their personal information – email addresses, mobile numbers and personal identity data – leaked to the dark web during the last year.”

Meanwhile, businesses are at increasing risk of supply chain attacks. This kind of attack affords the perpetrators access to the systems and data of the victim’s partners and customers.

More hackers are starting to focus on this section of the ‘market’ – to the point that supply chain attacks may soon be offered as a service on the dark web, Moskvin says.

Strengthening defences

A major attack can be disruptive and expensive and while cyber insurance may help defray the costs, prevention is always better than cure. There are several ways businesses can strengthen their defences, to help reduce the likelihood of their falling victim.

First among these for SME is adopting the Essential Eight – a series of straightforward mitigation strategies developed by the ASD several years ago. They include patching applications promptly, implementing multi-factor authentication and running regular back-ups.

“They’re not fool proof but a small business that implements them across the board can become a much harder target,” Moskvin says. “Hackers will be more inclined to look for another victim whose systems offer an easier ‘in’.”

While it might not always be a full-time role, appointing a cyber owner is the best way to ensure suitable cyber-security measures are implemented and reviewed regularly.

“Unless someone is accountable for taking the actions, it’s easy for it to be everyone’s business but nobody’s task,” Moskvin says.

Keeping an eye on the security posture of your information and communication technology suppliers and partners is also a smart move, Moskvin says.

“Unfortunately, there are plenty of insecure systems on the market, so it pays to do your homework.”

Cover to help your business recover

A major cyber-attack or data breach can be disruptive and expensive. Cyber insurance is there to help your business bounce back and rebuild, should the worst occur.

To find a policy that’s right for your risk profile, contact your broker today.

Important notice

All information in this article is of a general nature only.  This article does not take into account your specific objectives, financial situation or needs. Deductibles, exclusions and limits apply. You should consider the Product Disclosure Statement in deciding whether to buy or renew cyber insurance.  Various insurers issue this type of insurance. Cover can differ between insurers.