skip to main content

Cybersecurity risks are critically challenging for businesses, with the potential to cause severe business disruption and financial impact. And they are on the rise — according to the Chubb Cyber IndexSM claims data, there’s been a 1,215% increase in the number of commercial cyber insurance claims over the past 10 years.



Understanding the threats and how cyberattacks work can help you keep hackers at bay and better prepare and protect your business. 

The "domino effect"

What is often not understood prior to a cyberattack is that the negative fallout of an incident can create a rapid downward spiral. As business becomes progressively impaired, reparation costs quickly escalate.

  • The first domino — lost business cost. When websites or computer systems are attacked and taken offline, virtual storefronts may be rendered unusable by customers, and transactions may not be able to be processed. Though brick and mortar stores may still be open, with the virtual enterprise “closed,” customers and clients go elsewhere.
  • The second domino — lost customers and reputation cost. If personal customer information (such as credit card numbers) is stolen, it shakes consumer confidence. A breach is often compounded by bad press, which can cripple brand reputation and lead to more devastating customer attrition.
  • The third domino — restoration costs. After any cybersecurity incident, the tasks of restoring digital data, software, computer systems — and reputation — require money, time, personnel, and often expensive outside resources.
  • The fourth domino — legal and settlement costs. When a cyberattack negatively impacts customers, vendors, suppliers, or others there are often legal ramifications. Lawsuits can be extremely costly and time consuming to defend.



When these dominos start to fall, the increasing costs may bring a business to the point of bankruptcy.



Computer hacker

How cyber criminals gain entry

There are a number of ways that cyber criminals can gain access to a company’s website or internal server to steal data or otherwise attack a business. These include:

  • Insufficiently securing electronic devices that have legitimate server access, such as computers or tablets.
  • Exploitation of weak employee passwords or lax password precautions.
  • Taking advantage of a power or internet service failure (that may or may not be caused by bad actors).
  • Active attacks that exploit security flaws and often employ sophisticated malware or techniques, like ransomware, credential stuffing, and phishing.



Protecting your business from cyberattacks

Although stopping cyber criminals may seem like a formidable task, there are a handful of simple measures that companies can use to create their own cyber risk management program and limit their exposure.

  • Update IT equipment and security software — Outdated operating systems and computers, outdated or unpatched software are easily breached by criminals.
  • Diligently monitor networks — Abnormalities, if caught quickly, can limit company damage. A cybersecurity expert can identify high risk areas, and there are security software offerings that can offer monitoring solutions.
  • Educate employees on cybersecurity vigilance — According to the 2019 Chubb SME Cyber Preparedness report, only 43% of SMEs in Australia are investing in the training of employees to improve their overall cyber risk management. Make sure your staff understand the important role they have in preventing a cyber breach and help them establish positive and secure habits with formal, enforced written cybersecurity policies and regular training.
  • Require good password hygiene — This is an integral part of any cybersecurity policy. Passwords should be strong (e.g., a mix of letters, numbers, and symbols) and be frequently changed, When employees leave the company, their passwords should be automatically decommissioned.
  • Create a cyber incident response plan — If it’s within your team’s capabilities, some incidents can be mitigated with a prepared plan and a team of both internal and external cyber responders. With a strategy and experts in place, response to and resolution of an incident can occur more quickly.
  • Purchase cyber insurance — While proactive measures are essential, a back-up plan is required to cover for cyber risk. A good cyber insurance policy will provide access to loss mitigation services and incident response management to help you react and recover quickly in the event of an attack.

This content is brought to you by Chubb Insurance Australia Limited (“Chubb”) as a convenience to readers and is not intended to constitute advice (professional or otherwise) or recommendations upon which a reader may rely. Any references to insurance cover are general in nature only and may not suit your particular circumstances. Chubb does not take into account your personal objectives, financial situation or needs and any insurance cover referred to is subject to the terms, conditions and exclusions set out in the relevant policy wording. Please obtain and read carefully the relevant insurance policy before deciding to acquire any insurance product. A policy wording can be obtained at www.chubb.com/au, through your broker or by contacting any of the Chubb offices. Chubb makes no warranty or guarantee about the accuracy, completeness, or adequacy of the content. Readers relying on any content do so at their own risk. It is the responsibility of the reader to evaluate the quality and accuracy of the content. Reference in this content (if any) to any specific commercial product, process, or service, and links from this content to other third party websites, do not constitute or imply an endorsement or recommendation by Chubb and shall not be used for advertising or service/product endorsement purposes. ©2020 Chubb Insurance Australia Limited ABN: 23 001 642 020 AFSL: 239687. Chubb®, its logos, and Chubb.Insured.SM are protected trademarks of Chubb.