In the coming years, cyber risk is forecast to substantially cost businesses globally in lost revenue. Last year, we suggested that Small and Medium-sized Enterprises (SMEs) in Australia were the “low hanging fruit” for threat actors. Though this year’s statistics are no different, the story takes a different turn with many SMEs unaware of their regulatory obligations. Do SMEs think they are above the law?
While larger companies seem to understand their obligations, SMEs may have missed the memo. Less than one third (31%) of Australian SMEs are aware of their obligations under the Notifiable Data Breaches (NDB) and just under half (47%) say they are not aware. One in five (21%) of those surveyed say they did not fall under the scheme.
The overconfidence in being able to manage cyber risks still exists among SMEs in Australia. 79% of respondents are confident they can overcome a breach by sophisticated hackers within 24 hours, while 32% believe that they will not experience a cyber attack.
In fact, 49% of SMEs have experienced a cyber incident in the past year. Employers are also not confident (41%) that their employees who have access to sensitive data are fully aware of their data privacy responsibilities. Yet, less than half (49%) of SMEs have a data breach response plan.
Currently, only one quarter (27%) of SMEs have cyber risk insurance, while half (50%) have never been covered. Nearly one in ten (9%) have let their cover lapse while a further 14% weren’t sure if they have cover or not. Half (49%) of SMEs did not purchase insurance either before or after an incident – still a high number, but an improvement on the 62% from 2018.
With SMEs making up 96% of all businesses in Australia, they will be hardest hit by cyber incidents without good risk mitigation, incident response planning and the consideration of cyber insurance.
These findings, based on the Chubb SME Cyber Preparedness Report 2019: Ignorance is Risk, show that there is a need for SMEs to be aware of their regulatory obligations, and to be better prepared to prevent and overcome cyber incidents.
Ignorance is Risk - Australia SME Cyber Preparedness Report 2019
This content is brought to you by Chubb Insurance Australia Limited (“Chubb”) as a convenience to readers and is not intended to constitute advice (professional or otherwise) or recommendations upon which a reader may rely. Chubb Insurance Australia Limited (Chubb) makes no warranty or guarantee about the accuracy, completeness, or adequacy of the content. Readers relying on any content do so at their own risk. It is the responsibility of the reader to evaluate the quality and accuracy of the content. Reference in this content (if any) to any specific commercial product, process, or service, and links from this content to other third party websites, do not constitute or imply an endorsement or recommendation by Chubb and shall not be used for advertising or service/product endorsement purposes. Any references to insurance cover are general in nature only and may not suit your particular circumstances. Chubb does not take into account your objectives, financial situation or needs and any insurance cover referred to is subject to the terms, conditions and exclusions set out in the relevant policy wording. Please obtain and read carefully the relevant insurance policy before deciding to acquire any insurance product. A policy wording can be obtained at www.chubb.com/au; through your broker or by contacting any of the Chubb offices. 2020 Chubb Insurance Australia Limited ABN: 23 001 642 020 AFSL: 239687. Chubb, its logos, and Chubb.Insured.SM are protected trademarks of Chubb.