Over the last 12 months, a cybercrime report was made every 8 minutes in Australia, an increase of nearly 13% from the previous financial year. Also, one in three New Zealanders have reportedly fallen victim to cybercrime.
Aside from people feeling shocked that this could happen, cybercrime is causing a big economic impact too, with financial losses now totalling more than AUD$33 billion in Australia and NZD$198 million in New Zealand in the last financial year.
And cybercriminals aren’t just targeting large businesses. According to the Australian Cyber Security Centre, small businesses made a higher number of cybercrime reports; however, medium-sized businesses had the largest reported losses due to cybercrime, losing on average AUD$33,442 per cybercrime report - over AUD $14,000 more than the average loss for large businesses.
Why are they targeting small and medium businesses? Often because small to medium businesses don’t have sophisticated IT security systems often found in larger companies.
Haydn from Alltorque Diesel in Western Australia fell victim to a type of cybercrime called ‘business email compromise’ which now accounts for approximately AUD $80 million of all cybercrimes. Two months ago, cyber criminals intercepted emails between Hayden and a customer, allowing the criminals to impersonate Alltorque Diesel.
The criminals sent emails to a customer explaining Haydn had changed the business bank accounts. They had even managed to set up a false bank account in Alltorque Diesel’s name, making them seem legitimate.
Haydn noticed that something was wrong when the customer missed a payment, something that seemed off, as the customer regularly paid on time. When he rang to enquire, the customer explained about the bank account change.
After reports to the cyber fraud squad, and multiple bank claims later, Haydn has had to wear half of the cost of the transaction. He is transitioning away from the old email address, even though it is a Microsoft account and he thought it would be secure.
Ransomware also remains one of the most disruptive threats to businesses, with an increase of over 15% over the last 12 months. Peter from BP Tanawha in Queensland discovered just how disruptive ransomware can be.
Around two years ago, cyber criminals were able to shut down Peter’s petrol station by getting access to his systems through TeamViewer or email. The criminals held two points of sale, back office and petrol pumps hostage through the use of ransomware.
What started as demands for $2,800 soon grew to over $48,000. After receiving support to clear his system on a Friday, Peter thought he was clear, before he arrived to work on Monday and the same smiley face and countdown appeared demanding money again.
As all of his IT systems were integrated, Peter has had to replace all of his hardware and software, as well as wear the cost of the interruption to his business. He was surprised cyber criminals would be interested in hacking a business like his.
He says he has always been careful when accessing emails and files on the internet, and he checks in regularly with his software partners for updates to security protocols. Nonetheless it really can happen to anyone, and Peter has spoken to a few local businesses who have had similar attacks on their IT infrastructure.
If you don’t have IT security in place, we highly recommend you speak to a specialist as soon as possible to set up your first line of defence. You may as well make it as hard as possible for criminals to get into your system.
The other step we encourage every Member to take is purchasing cyber insurance. If you do fall victim to a cyberattack it is important to act fast, and having cyber insurance allows you to do just that. Depending on your policy, cyber insurance may cover:
- Loss of revenue from interrupted business
- Hiring negotiators and paying a ransom
- Recovering and replacing records or data
- Liability and third-party loss
- Defence of legal claims
- Preventing further attacks.
Having cyber insurance gives you access to IT specialists who can access your IT system, stop any further damage, and attempt to undo the damage done by the criminals.
The policies are relatively inexpensive, and although they won’t prevent an attack from happening, they can make all the difference in keeping the costs involved in the clean-up under control. It may be a worthwhile investment for your business.
To find out more about cyber insurance, contact your Risk Account Manager today or visit capricorn.coop/risk
AU: Products sold through Capricorn Risk Services Pty Ltd (ABN 93 111 632 789) are: (i) discretionary risk protection products issued by Capricorn Mutual Ltd; and (ii) general insurance products issued by a range of insurers and brokered through Capricorn Insurance Services Pty Ltd. Before deciding to acquire any product you should consider the Product Disclosure Statement available from Capricorn Risk Services Pty Ltd to see if the product is appropriate for you. Capricorn Risk Services Pty Ltd is a Corporate Authorised Representative (No. 460893) of Capricorn Mutual Ltd (AFSL 230038) and Capricorn Insurance Services Pty Ltd (AFSL 435197).
NZ: Products sold through Capricorn Risk Services Pty Ltd (NZBN 9429041139813) include discretionary risk protection and general insurance products. Discretionary risk protection is issued out of Australia by Capricorn Mutual Ltd. Before deciding to acquire discretionary risk protection you should consider the Product Disclosure Statement to see if it is appropriate for you. This can be obtained from Capricorn Risk Services Pty Ltd by phoning 0800 555 303 via email info@capricornrisk.com or by visiting website capricornrisk.com. General insurance products are issued by a range of insurers and are available through Capricorn Risk Services Pty Ltd as a member broker of PSC Connect NZ Limited. Capricorn Risk Services Pty Ltd is a registered financial services provider (390446) and a corporate Authorised Representative (No. 460893) of Capricorn Mutual Ltd (AFSL 230038).