The Federal Government has put its planned ban on ransom payments to hackers in the ‘too-hard basket’. But what they’re doing instead should make even your small-to-medium-sized business take notice.
New proposed legislation could affect businesses across Australia, especially those with a $3M-plus annual turnover if the threshold is introduced.
Possibly from later this year, companies will be required to report any ransomware payments they make to the Australian Cyber Security Centre. This legislation is part of the government’s move to tackle the rise of cybercrime. It will also herald a new era of transparency in how businesses handle ransomware attacks.
Ransomware attacks are estimated to cost the Australian economy $2.6B annually. More than six in 10 SMEs are victims, but cyber attacks also impact their suppliers and customers. Ransomware is the second-most common cyber attack that SMEs experience (after phishing).
The Risks of Non-Compliance
Not complying with the planned regulations could lead to fines of up to $15,000, which business groups say could sink small businesses. They’ve argued it should only apply to those with a $10M-plus annual turnover. However, the Federal Government’s plans to overhaul privacy laws could impact SMEs with a turnover of less than $3M a year, though this will be subject to further consultation.
Why risk that cost when you could easily just report the payments?
However, the ramifications go beyond financial penalties.
Businesses that fail to report ransomware payments could also face legal risks, including potential litigation if the breach leads to leaked customer data. As well, your brand’s reputation is at risk, particularly if your clients or customers learn you’d been hiding a breach.
Transparency isn’t just a legal requirement; it’s essential for maintaining credibility in today’s digital world.
If your company has been keeping quiet about any payments made to hackers, it might be time to rethink that strategy.
Understanding Ransomware Risks
Ransomware is a type of malicious software that encrypts a victim’s computer files. The attacker then demands a ransom payment in exchange for the decryption key. This type of cyber attack can be devastating, especially for SMEs without the resources to recover from such an incident.
Then there’s the increase in double extortion tactics. That’s where attackers demand a ransom to unlock the data, and also to prevent them from releasing sensitive information to the public. It’s this double threat that makes ransomware a top cyber risk for businesses today.
Why Reporting & Transparency Are Key
Why is reporting these incidents so crucial?
By reporting ransomware payments, businesses help law enforcement and intelligence agencies better understand the threat landscape. Ultimately, it fuels more effective countermeasures against cybercrime.
As well, being transparent about your cybersecurity practices builds trust with your customers, partners, and regulators. Your business is seen to be taking the issue seriously and demonstrating a commitment to safeguarding their information. Trust is a priceless commodity in business – being more open about such threats helps boost your stakeholders’ confidence in your business.
Minimising Your Cybersecurity Risks
Here’s how to help protect your business from falling victim to ransomware attacks:
- Invest in robust cybersecurity measures, from firewalls and antivirus software to intrusion detection systems (and keep them updated)
- Run training (and refresher training) for your employees to recognise phishing attacks and other social engineering attacks that often occur before a ransomware attack, according to the Insurance Council of Australia
- Regularly conduct security audits to identify and address your system vulnerabilities
- Keep tabs on your finances for any unusual and unauthorised spending
- Use robust passwords with multi-factor authentication to secure your accounts and data, and
Be sure to check our list of links below to guide you on boosting your cyber security. A recent Australian university study found SMEs heavily rely on Google searches for cybersecurity information, rather than heading to authoritative sources.
Keeping Ahead of Cyber Threats
With the growing threat landscape, it makes sense to have a robust plan in place. Cybersecurity insurance can be a valuable part of your plan, offering financial protection, even access to 24/7 expertise with some policies. This approach helps give peace of mind should the worst happen.
As your insurance broker or adviser, we can help you navigate the complexities of cybersecurity insurance and find customised policy options to suit your specific needs.
Remember, when it comes to cybersecurity, the best defence is a good offence.