SME businesses leave themselves exposed to computer hackers

SME businesses leave themselves exposed to computer hackers

SME businesses leave themselves exposed to computer hackers Businesses are doing little to stop thieves from hacking their computers and accessing sensitive information, according to a University of Canberra cyber insurance research paper. 

The paper by the University’s Centre for Internet Safety (CIS) in collaboration with leading global insurer AIG, highlights that 65% of small/medium businesses’ sensitive or confidential information is not encrypted or safeguarded by cyber insurance.

 “Businesses know to lock up their doors and protect their physical assets, but the widespread lack of digital protection is leaving them vulnerable to theft and exploitation from cyber criminals,” Nigel Phair, co-director of the CIS said.

Phair said that with upcoming changes to the Privacy Act and growing concerns around data breaches, organisations need to consider a suite of measures to protect their businesses.

“Standard business insurance policies only cover tangible assets with electronic data while cyber insurance coverage will also protect recovery of lost data, business interruption costs and even legal fees, among other losses, ” AIG’s Australasian professional indemnity manager, Matthew Clarke explained.

“Cyber insurance offers coverage for liability that arises from unauthorised use of, or unauthorised access to, electronic data or software within an organisation’s computer network or business,” Clarke said. “It can also provide coverage for liability claims arising from network outages, the spreading of a virus or malicious code, computer theft or extortion.” 

Alastair MacGibbon, also co-director of the University’s CIS, added that: “As businesses navigate a shifting online risk landscape, they face a range of evolving challenges, including privacy, security and intellectual property liability, so they have to be prepared.”

He said it is an organisation’s obligation to protect their customers’ personally identifying information, including their financial data, and to put mechanisms in place to stop the loss of this information.