Businesses need to understand the importance of being cyber safe. Cyber criminals are exploiting the global focus on COVID-19 and the new normal of working from home, to infiltrate networks and extort money.
In the World Economic Forum’s (WEF’s) Global Risks Report 2020, cyber-attacks ranked asthe second greatest risk for business globally over the next decade. During a meeting of the United Nations (UN) Security Council in May 2020, the disarmament chief of the UN reported a 600% rise in malicious emails during COVID-19.
And in Australia too, the Australian Cyber Security Centre (ACSC) warned of a significant increase in attacks on businesses with COVID-19 themed email ‘phishing’ attacks.
Cybercrime costs Australian businesses $29b each year
Abigail Bradshaw of the ACSC said that “Small businesses can be big targets for cyber criminals”. Attacks often involve cleverly disguised emails which make unsuspecting business owners and employees open malicious files. These scams and other cyber activity have cost Australian businesses an estimated $29 billion each year. One reason small to medium sized businesses are under great threat is because they do not have the sophisticated security systems and IT departments of bigger operations.
The Privacy Act requires businesses to take “reasonable steps to protect the sensitive and personal information they hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure” (APP 11.1). The consequences of not doing so can be significant.
Scammers use a variety of approaches, from setting up fake online stores selling protective gear like face masks etc and stealing the victims credit card details to taking control of a victim’s computer system and locking data until a ransom is paid. This type of extorsion is becoming more targeted and costly and recovery times can be long.
Five potential threats businesses need to be aware of:
Business email compromise, also called CEO fraud, where threat actors interject into email streams to divert funds by exploiting technological and human vulnerabilities.
Ransomware, where threat actors take control of systems and lock data until a ransom is paid.
Cloud security – the increase in organisations outsourcing data storage to cloud-based infrastructure has increased security risks.
Internet of Things (IoT) risks come from a range of products, like printers, smart TVs, and automated home assistants, many of which have poor security.
Mobile devices and Bring Your Own Device (BYOD) which connect to corporate systems may be insecure.
Six things businesses can do to help them stay cyber safe:
Awareness: Promote a ‘stop and think before you click’ message amongst their staff.
Passphrases: Ensure that they and their staff use Passphrases rather than passwords e.g. lyrics to a song. They should at least 12 characters long and include upper and lowercase letters, numbers and symbols for extra strength. Better still use two factor authentication which typically requires the user to provide a secret only the user knows (like a passphrase or PIN).
Updating: Ensure all operating systems and application software update automatically where possibleAnti-virus software: Installing anti-virus software and an ad-blocking browser plugin on staff computers to help prevent malware compromising business computers.
Backup: Keep frequent backups of all critical information and systems, ensuring that backups are stored securely off site and not connected to the network to prevent their loss due to fire, theft or malware.
Subscribe to alerts published by: Stay Smart Online: www.staysmartonline.gov.au/alert-service
Scam watch: www.scamwatch.gov.au/news
Have financial protection should an attack slip through
In the event of an attack slipping through, it’s important for businesses to have financial security to handle and remediate the situation – which may include a ransom, data and application restoration, legal advice, data breach investigation and public relations, to name just a few. The financial impacts of cybercrime can be extensive and not always obvious.
Like COVID-19, there is no cure for cybercrime, just preventative measures and having the means to remediate the situation once it has taken place. To speak to a broker about cyber insurance, contact us today.
DefendandPursue The primary trigger for Professional Indemnity is a breach of professional duty that results in a financial loss to a third party, but CLP does not need to be triggered by allegations against the insured in order to respond. Five of the seven Heads of Cover included within CLP afford legal costs to pursue a dispute with a third party, such as Contractual Disputes, Debt Recovery or Restrictive Covenants (employees breaching non-compete).
Designed to Complement, Not Replace Legal expenses insurance complements other classes of insurance as it lowers the financial burden associated with legal disputes and provides access to legal advice (without needing to trigger the policy first) and assistance which could curb the need for full-scale litigation. Free Legal Advice CLP allows the insured to receive targeted advice from a lawyer relating to any problem directly associated with their core business activities. Unlike PI, cover is not restricted to professional services. A discussion with the legal team does not necessarily equal a notification on the policy. Unless it’s identified that a section of cover is triggered, advice is treated as general, and the insured can make as many enquiries to safeguard their business as they wish.
Its all over the news, a number of direct insurers have declined claims as people were operating businesses from their homes.
Given the fact that the number of people who are operating some kind of business from home has significantly incresed we thought it may be helpful if we outline some of the thinking underwriters and insurers have around this subject.
Caveat: always ask your specific underwriter or insurer or broker what their terms & conditions are on the subject before making any decision.
You would be obliged in one way or another to tell your insurer if you start or intend to start to operate a business.
In the current business environment, the distinction between home and business have become more blurred. Unless it isyour(i.e. the insured’s) business and it is primarily run from the home, most insurers do not treat this as “conducting business from home”.
For example, if you work from home a few days a week, or do incidental paperwork at home for a business that performs the majority of its activities elsewhere, then msot insurers do not consider this to be a business run from the home.
If, however, you are running a business from your home premises, then you need to disclose this, regardless of the size or nature of the business.
Subcontractors are completing work for your customers on your behalf so you can and will be held liable for that work.
A typical example people dont think applies is an electrician coming to your business property to do some work. If they damage or injure someone whilst there you could be held liable.
If someone is injured, or damage is caused to someones property by a subcontractor, you will most likely be the one who receives the demand for compensation. Your insurer will then seek to pass on the demand to the subcontractors insurer.
Obvioulsy, it is important to make sure your subcontractors have their own adequate insurance in place, if they do not, you and your insurer may find it very difficult to recover any claim made.
You can also be potentially held liable for injuries sustained by a subcontractor whilst they are working for you. If the subcontractor has their own workers compensation, workers comp will generally finalise the claim and then seek to recover this claim from your insurer if it is deemed you have contributed in some way to the injury. A worker to worker claim like this can take years to bubble up to the surface and can be quite expensive.
There is definitely risk engaging subcontractors, be aware of the risks and mitigate them as much as you can. Your insurance broker should be talking to you about this.
Reach out if concerened about your levels of insurance cover.
If you’ve had the same insurance policies in place for a long time, there’s a good chance that your circumstances are not the same as when the policy was first taken out.
As part of our client service approach, we can handle the day-to-day management of your insurance cover. This includes holding regular review meetings to help make sure you continue to have the right level of protection and recommending changes where necessary to account for either new or emerging risks to your business.
It’s good practice to not only review your policy each year, but also when there are changes in your regular circumstances.
62% of SMEs are unlikely to have the right insurance in place to protect their business.
(QBE SMEs and Insurance Report – Pureprofile research study of 609 Australian SMEs completed for QBE Insurance during April 2019)
When should you have your policy reviewed by an insurance broker?
There are many situations that should trigger a review of your insurance policies, including changes in the following:
Levels of stock – you should ensure your policy covers the current value of your stock on hand. We can adjust your policy to reflect this value.
Staffing – if you have either increased or reduced the size of your team, this may affect the types and levels of cover you need.
Equipment and other business assets – your current policy may not cover new business assets you have purchased recently. If you have sold assets, you may be able to decrease your sum insured to reduce your premium.
New risks to your business – has the way you operate your business created any new risks to consider? For example, increased cyber risks from working in different environments.
Increased or reduced turnover can impact your business interruption policy.
New products or services you have launched.
Changes to sales channels, distributors or trade partners.
Any newly created entities may have affect your operations or have interests in assets.
Any changes to directorships.
The benefits of reviewing insurance policies
Save time – researching different policies and comparing policy wordings can be time consuming and tedious. With our innovative tools, we can quickly compare and assess different insurance products – taking the hard work out of finding the right cover.
Expertise – we can take the time to understand your business and provide options that suit you.
Save money – we help ensure you have the correct levels and types of insurance in place so that you are paying the right premium. If your circumstances have changed, we can also recommend ways to help ensure your cover is cost-effective.
Reviewing your funding options – you may wish to pay your premium for the year upfront, or in flexible monthly or quarterly instalments to assist with your cashflow. We can assist in sourcing premium funding options to suit your business.
By reviewing your current situation, we can help ensure you have the right types of cover required and the correct sums insured so you have peace of mind that you are adequately protected.
Insurance policy review process
A typical insuracne policy review will involve:
Setting up the meeting – we will set a meeting at a time and place convenient to you.
During the meeting – we can discuss any changes in your business and listen to any feedback you may have.
After the meeting – if there are any changes to your business, we can create an action plan and recommend adjustments to your policies to help ensure you are appropriately covered. We can then update your policies as required and provide you with certificates of currency to confirm your cover.
How can we help?
We take the hard work out of getting the most suitable insurance cover – at a competitive price. We have access to policies from national and international insurers – so we can help find the right one for you.
What are the key risks in the building and construction industry?
Construction projects involve multiple stakeholders and are often undertaken on challenging sites. Construction businesses must often manage changes to scope or orders, poorly written contracts and specifications and complex project management issues. They may need to deal with labour and materials shortages, or theft of tools and materials.
Subcontractors and suppliers can provide extra stress for construction firms, as can the rising number of extreme weather events. What’s more, cybercrime is an emerging threat to construction businesses, which often use insecure
connections from mobile workplaces, and share files and data with stakeholders outside the business.
Who should consider insurance?
Whether you’re an owner builder, a contractor or a large construction company, you’ll need a range of insurance covers to safeguard your workers, building and equipment.
“The construction industry generates over $350 billion in revenue, producing around 8% of Australia’s Gross Domestic Product, and has a projected annual growth rate of 2.5% in the next five years.” Australian Industry and Skills Committee, Construction, 2020
Did you know?
12,600 – The average number of serious claims per year over the last 5 years. (Safe Work Australia, Construction Industry Profile, 2015)
The construction industry had the fourth highest rate of serious claims in 2012-13. (Safe Work Australia, Construction Industry Profile, 2015)
What insurance should you take out – and what can it cover?
Insurance can protect you and your employees onsite, on the way to work and in your office.
Protects any buildings under construction and construction equipment. This cover may include protection against:
• natural disasters like fire, earthquake, storm, flood, wind and water damage
• damage to property caused by defects, theft and malicious damage or vandalism or smashed glass
• third-party personal injury and property damage.
Safeguards your business premises against:
• equipment or machinery breakdown
• employee dishonesty
• property or glass damage
• legal issues, with public and products liability
• tax audit
• theft, and theft or loss of money.
Safeguards you and your business against expenses and legal costs if your website or other systems are hacked and your system cannot be used or customers’ details are stolen.
Takes care of your valuable business vehicles with cover to:
• help if you or your staff damage another person’s vehicle
• repair your vehicle after an accident or replace it if it’s written off
• replace a lost or stolen vehicle
• safeguard you against legal liability
Protects you against legal action from a client for breach of professional duty. This
type of insurance is often required by building contracts.
What usually isn’t covered?
Exclusions, the excess you need to pay and limits of liability can vary greatly depending on your insurer and the requirements of your business.