Australian SMEs remain unaware of cyber obligations

As one of the world’s largest and longest serving cyber insurers, at Chubb we believe we have a responsibility to raise awareness about the issues that businesses face when managing cyber security. 

While larger companies seem to understand their obligations around cyber risk, Chubb’s research indicates that many Small-to-Medium-Enterprises (SME’s) are unaware of the seriousness of the threats they face from cyber incidents and the ultimate impact it can have on their bottom line. 

Through our annual Chubb SME Cyber Preparedness Reports, we have been looking at how Australian SMEs are approaching cyber risk from the standpoint of both proactive risk management and incident response. In the 2019 report – ‘Ignorance is Risk’ – our research also looks at the lack of awareness SMEs have of their obligations since the introduction of 2018 Notifiable Data Breach (NDB) scheme. 

SMEs make up an important sector of the Australian economy accounting for almost 96% of all registered businesses and employing around three million people*. Unfortunately though, we found just under half (47%) of SMEs responding to our survey were not aware of their obligations under the NDB scheme.

The common forms of cyber incidents

Even those SMEs who say they are aware of their obligations were unclear what types of incidents require notification. The most common incidents faced by Australian SMEs in our latest research were phishing compromises (21%), data loss (15%) and business interruption (13%) as a result of systems malfunctions or technical faults.

The problem with cyber security confidence

There is some good news. In the research we conducted this year one in every two SMEs (49%) had been a victim of a cyber incident, down from 64% of respondents in 2018.

However, rather than increased vigilance, our research indicates misplaced confidence among SMEs when it comes to cyber risk preparedness. So much so that one-third of business leaders we polled (32%) said they believed their businesses were immune to cyberattacks and 79% are confident they can overcome a cyber breach by sophisticated attackers within 24 hours. 

The role of cyber insurance 

Mirroring this over-confidence, the research shows there has been little improvement in the number of SMEs taking out cyber risk insurance with only one quarter (27%) of SME’s currently having cyber cover (a figure similar to 2018) while half (50%) have never been covered.

As a leader in the industry, Chubb will continue to work with the SME community to promote awareness of cyber threats and share expertise on risk management. In addition to these surveys, the Chubb Cyber Index is a great example of our efforts to support brokers and customers in tackling cyber security. It provides data driven insights across all industries based on the real cyber incidents that Chubb is handling. 

The reality is that as the digital economy grows, so does the cyber risk landscape threatening all organisations. For businesses of any size, cyber insurance needs to be considered as an important risk management tool, alongside public liability and fire protection. Basic, proactive steps like password protection, incident response planning, employee training and software management are also essential. Being ignorant of cyber perils is a risk SMEs can ill-afford.

To read more about our findings, you can download the Chubb SME Cyber Preparedness Report 2019.

* Source: Australian Bureau of Statistics, 2017