Story image

Kiwi SMEs, insure against cyber attacks or pay the price

25 Mar 15

Kiwi companies are underestimating the risks of cyber attacks, even though there's a growing number of incidents as threats become more sophisticated and targeted, says a commercial insurance expert.

New Zealand SMEs in particular have been slow to include cyber insurance in their business protection plans, but are also more likely to be at risk due to a lack of IT support and the increasing frequency of attacks, says Jonathon Gillham, Apex Insurance special risks team account director.

“Only around one in every 300 (0.3%) businesses in New Zealand are estimated to have cyber insurance,” says Gillham.

“The majority of those that do have protection are large companies or companies that operate in the software industry who are very aware of the dangers,” he says.

However, Apex Insurance says there is a real risk for any company that holds an electronic database with client information or operates an email system.

“A database could be hacked and private information can be accessed such as credit card details of all the customers.

“In terms of emails, a virus could be spread from a company’s email system, and that company could be liable for the damage that does to others’ systems,” says Gillham.

“Obviously some businesses have much more to lose in this regard than others. For example, if a patent attorney was to be hacked, the losses for intellectual property stolen could be in the millions,” he says.

While large companies usually have IT services on hand to ensure virus protection software is up-to-date and cyber security is as tight as possible, SMEs often don’t spend money on cyber defences or have specialist support on call which puts them at greater risk, says Apex.

In response to this, Apex says it’s becoming more common for cyber insurance to be included as part of a management liability package for businesses.

Apex says there are two main types of cyber insurance in New Zealand.

The first is for business interruption, which will cover lost revenue for the days when a company is unable to trade, and the cost of IT specialists needed to fix problems caused if a cyber attack occurs.

The second is liability cover, which protects a company in the event that a hacker obtains personal data such as credit card information, and the company then has to cover clients’ costs for replacements.

While cyber insurance is fairly new in New Zealand, there have already been some substantial claims made, according to Apex.

“There have been a handful of claims in the hundreds of thousands of dollars range. It’s not on the scale of the US, where there have been some claims in the tens of millions of dollars, but it is happening,” Gillham says.

“People assume we aren’t a prime target here, but one local digital advertising company we are aware of is attacked once a week by hackers they have traced to Korea.

“All they can do is keep upgrading their security to try and stop them getting in,” he says.

AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
"Is this for real?" The reality of fraud against New Zealanders
Is this for real? More often than not these days it can be hard to tell, and it’s okay to be a bit suspicious, especially when it comes to fraud.
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.