Do you understand your risk of a ransomware attack?

Australian small and mid-sized businesses are targets for cybercriminals. Here’s what you need to know.

Cybercrime is big business, with the cost estimated to reach $6 trillion by the end of 2021, and the Asia Pacific an increasingly popular target. In addition, last year it was discovered that the restaurants and hospitality sector had been specifically targeted with malware developed especially for this purpose, via commonly used point of sale software. The industry is a target because of our use of payment systems and access to customers’ personal information.

Many cyber attacks take the form of ransomware, a type of cybercrime that skyrocketed by 102% in 2021 compared to last year, according to Check Point Research, with attacks on Australian businesses now occurring every 11 seconds.

Ransomware attacks typically combine immobilising operations with demands for money. Cybercriminals use introduced malware to lock computer systems by encrypting all connected electronic devices, folders and files, rendering systems inaccessible. The attackers then demand a cryptocurrency ransom in return for the decryption keys or to prevent them from releasing stolen data.

Who’s at risk?

In Australia, victims of ransomware attacks range from not-for-profits to abattoirs. A business’s vulnerabilities, or attack surface, may include supply chain or vendor relationships. The agricultural supply chain was recently targeted, for example, causing interruption to milk distribution.

Organisation size is also a factor: small companies of 11‒100 employees account for some 30% of security breaches and medium-sized companies of 101‒1000 for about 40%, with probability diminishing with increased size. Thinking your business is too small to be a target is erroneous logic – the opposite is true, often because smaller enterprises may not have comprehensive cyber security in place.

What happens if your business is the victim of a ransomware attack?

In this situation, victim businesses have to ask if they are prepared to pay the ransom. This may depend on factors such as whether the hacker is still in the system, what the business’s legal obligations are and if the cost of the downtime for remediation is worth the ransom payment.

Your business being a victim of a ransomware attack requires a comprehensive response, and this involves significant costs. These can range from forensic analysis to ransom negotiations, remediation and third party notifications.

Using insurance to transfer cyber risks 

Combined with risk management, cyber insurance can help boost business resilience against cyber attack impacts. 

Critically, it can provide access to Bitcoin and trained negotiators to deal with extortion and remediation costs, as well as crisis management costs and third party liability for lawsuits from regulators, business partners and affected individuals.

Ask yourself: is your business protected?

Find out more about Gallagher restaurant and catering insurance
