Globally, a cyber breach at a professional services business cost an average of AU$6.77M per company in 2023, and it takes businesses from all sectors an average of 204 days to identify a breach, then another 73 days to contain it.
If you’re relying on your firm’s internal security teams and tools to identify the breaches, they’ll miss two-thirds of the attacks.
This is a cyber hacker’s priority list: data about customers, employees, intellectual property, then anonymised customer data and other corporate data.
Here’s how data breaches cost businesses:
- Detection and escalation, such as cost to investigate, assess, audit, crisis manage, and communicate results of investigations to leadership
- Lost revenue, system downtime, customer exodus, cost to acquire new customers, reputational damage
- Notifying third parties, data subjects, regulators and paying penalties/fines.
The Rising Threat of Data Breaches in Professional Services
Cyber criminals are becoming increasingly sophisticated. Rising threats of data breaches in the professional services sector include:
- Phishing, or stolen or compromised credentials
- Unknown vulnerability
- Cloud misconfiguration/security
- Business email compromise
- Social engineering
- Weak security for staff/contractors working remotely
- Ransomware
- Physical security compromise
- Breaches through supply chains.
Surprisingly, businesses that use artificial intelligence and automation extensively save on data breach costs. They can identify breaches quicker and contain them 100 days faster on average than those not using this tech.
Understanding Cyber Insurance
Cyber insurance, also known as cyber security insurance or cyber liability insurance, aims to protect your professional services firm from the compromise, theft, or loss of the electronic data you’ve collected. Coverage generally will:
- Protect you against cyber risks
- Help you deal with cyber attacks and incidents through expert advice
- Offer financial support for damage cyber incidents cause, such as investigation costs, credit monitoring services, possible legal responsibilities, etc.
- Fund lawyers to deal with the fallout of your firm’s data breaches
- Demonstrate to your customers and regulators that your business takes cyber security seriously
- Provide support to bolster your system – repairs or replacement, for instance.
However, here are the exclusions to a cyber insurance policy:
- Insiders or employees causing the cyber events
- Infrastructure failures
- Loss of your intellectual property value
- Pre-existing breaches or those that happened before you bought the policy
- Failure to fix a known vulnerability.
Selecting the Right Cyber Insurance Policy
Determining the right policy for your business involves considering your annual revenue, industry sector, business size, type of coverage, and risk profile. Often, you’ll be asked to submit a cyber security audit to help determine the best policy for you. So, how can your business show its best cyber health?
Cyber Resilience Best Practices
The Australian Securities & Investments Commission lists 11 good cyber security practices (you’ll also find more tips under ‘useful links’ below).
Additionally, the Federal Government has allocated $7.2M in funding to set up a voluntary cyber health check program for small businesses. The government is also in the process of setting up its Small Business Cyber Resilience Service – so watch this space for updates.