Updated: Jun 4, 2020
There is a perception, and a false sense of security, that your outsourced IT team can protect your business against all cyber threats. This often leads SME businesses to think that cyber insurance is unnecessary.
Your IT Managed Service Provider (MSP) is your first line of defence. Among other things, they monitor the activity on your network, keep anti-virus software and firewalls up to date and try to keep the bad guys out. But with over 350,000 new malicious programs (malware) being created every day, one will slip through and wreak havoc on your system.
The most common threats to a business are ransomware, data breach and social engineering scams. In the event you are the victim of one of these threats, while your MSP may be able to assist you in some capacity, here are 5 things they won’t be able to help you with:
1. Mandatory Data Breach Notifications
Under the Mandatory Data Breach Notification Scheme, entities subject to the Privacy Act 1988 must report an eligible data breach. This covers entities with turnover greater than $3 million, and those with less where they are health service providers or credit providers, among others.
Examples of a data breach include when a device containing customers’ personal information is lost or stolen; a database containing personal information is hacked; and personal information is mistakenly provided to the wrong person.
Failure to notify of a data breach, or serious or repeated interference with the privacy of an individual, can result in penalties of up to $2.1 million.
2. Legal Costs and Expenses
The legal ramifications following a data breach or cyber attack can be significant. Not only do you need advice and guidance on your regulatory obligations, but you may also be liable to third parties.
For example, if you hold data (e.g. personal data, intellectual property) that belongs to another company, you may be liable for any losses that arise from the loss of that data.
3. Damage to your reputation
A recent survey conducted by Chubb Insurance found that the biggest concern for SME businesses following a cyber incident is their relationship with customers. Under the Privacy Act, you are required to notify your customers if their data has been breached. Depending on the severity of the data breach, it can result in a loss of customers, loss of contracts and ultimately damage to your reputation. Being on the front foot with a data breach and engaging a lawyer and public relations consultant to communicate the data breach to your customers will minimise the damage to your reputation and brand.
4. Loss of Income from Business Interruption
Most businesses are dependent on their computer network to generate income. A ransomware attack will block access to your computer system or computer files until a ransom is paid. While you work out how you’re going to respond to this attack, the clock is ticking. Whether it is lost billable hours, lost sales for an on/offline retailer or a halt to the manufacturing production line, a ransomware event can take days to weeks to recover from, and it translates to lost income for your business.
5. Loss of Money from Cyber Crime
The ACIC reported that cyber crime is costing the Australian economy up to $1 billion annually. This is money paid by businesses for ransomware; money lost through phishing attacks where login credentials and credit card numbers are stolen; and business email compromise scams where people are tricked into transferring money or paying invoices purportedly from someone known to them. Can you afford to lose money?
As you can see, your MSP can’t help you with the costs and expenses associated with a cyber attack or your regulatory obligations.