SMEs increasingly targeted by cyber criminals

Tens of thousands of Australian SMEs are unprepared for the expected surge in cyber attacks this year, says insurtech boss

By Mina Martin

Tens of thousands of small- and medium-sized businesses (SMEs) across the country remain unprepared – and are increasingly vulnerable – to the expected surge in cyber attacks this year, according to specialist insurtech Edmund Insurance.

“The threat to SMEs is the same as for larger businesses, but many of them underestimate it,” said Richard Smith, founder of Edmund Insurance. “The concern is that criminals are now directly targeting SMEs, and there are a number of reasons why, including the perception that they are easier to attack because their security policies are not robust or sophisticated.”

The Telstra Security 2018 Report found that 47% of Australian businesses that became victims of ransomware paid the ransom, and 83% would pay the ransom again.

“SMEs are more likely to pay ransoms due to the chances of them not having backups in place and due to their abilities to make such decisions quickly,” Smith said. “Criminals realise this and consequently, the greatest number of cyber attacks on SMEs this year is expected to be in the form of ransomware. Another reason why criminals attack SMEs is that they hold quality data, for example credit card or health data. This data has value.”

Smith said criminals also target SMEs “to get to larger ones,” citing an October 2017 attack in which a cybercriminal stole sensitive data from the network of a 50-person aerospace engineering firm that subcontracted to the Department of Defence.

“Government and private enterprise are now seeking to manage this supply chain risk via contract, and many commercial contracts are now including a clause for parties to maintain certain levels of security and also carry cyber insurance,” Smith said.

Smith also warned SMEs against the “unprecedented volume” of social-engineering fraud attacks, or business e-mail compromise. These attacks occur when criminals pretend to be customers, suppliers, or high-profile individuals within businesses and trick staff into paying large sums of money into the attackers’ bank accounts.

“These attacks are usually successful where internal payment controls either break down or don’t exist, and criminals have successfully stolen funds from all types of businesses, large and small,” Smith said.

Edmund is underwritten by leading insurer, Munich Re Syndicate at Lloyd’s.

 
