The Optus and Medibank cyberattacks will have ramifications for not just major Australian companies, but all businesses looking to protect themselves from future criminal cyber activity.

One of the main impacts the breaches are expected to have is on cybersecurity insurance. This will not just be through increased premiums, but also increased barriers to obtaining insurance for many companies.

The Optus and Medibank breaches – the latter of which is subject to the ongoing release of personal data by hackers – highlighted major gaps in security preparedness.

A key consideration for business owners is that premiums for cybersecurity insurance are rising, making cover unaffordable for small to medium-sized businesses in particular.

Insurance costs have increased significantly in 2022, with some insurance companies also denying cyber insurance coverage or imposing heavy restrictions.

Insurers will assess a company’s risk management processes, cybersecurity controls and other aspects, such as legacy systems, before providing cyber insurance coverage.

However, while cyber insurance can cover a company for tangible financial losses incurred from a cyberattack, that will not be the only cost. Reputational loss and loss of confidence by customers may continue to plague a company for many years following a cyberattack.

To combat this, business owners, company boards and executives need to ensure they have an appropriate understanding of cybersecurity risks. Business owners and boards in particular should have the appropriate knowledge base to provide adequate governance over cybersecurity.

Notwithstanding the Optus and Medibank breaches, the prevalence and sophistication of cyberattacks have increased dramatically over the past 12 months alone. Hackers are learning how to use artificial intelligence and machine learning to maliciously raid companies’ data.

Business owners should reconsider how they deliver important communications and documents to clients and customers. Government agencies and departments should also seek to improve risk governance and cyber security requirements.

The Australian Cyber Security Centre has guidance on baseline control measures that serves as a useful reference for data holders.

Should you wish to discuss your cybersecurity needs, please contact your HLB adviser.

This article was first published in the Summer 2022-23 issue of Financial Times.