The Cost of Cyber Breach Recovery: What Business Owners Need to Know

I can't stress this enough, but cyber breaches aren't just a "big company" problem. Australian small businesses are increasingly targeted, and the costs can be devastating.

Before I note down some numbers, I want to make it clear that this is NOT about me, or Microsolve - this is about calmly and rationally explaining the risk that each and every business owner faces on a daily basis.  Cyber Risk management is no less important than hold-up protection, just less understood from a recovery and cost perspective.

Understanding the Risk

In 2022-2023, 94,000 reports of Cyber-crime were reported to the Australian Cyber Security Centre (ACSC).  There are some 2.5M registered businesses in Australia, so these numbers show that 3.7% of businesses experienced some form of cybercrime in that period.

According to the ABS, in the 2022/23 period 49,490 property break-ins were reported to Police (this number includes both business and residential break-ins). Let's assume a 50/50 split between residential and business giving an estimated 25,000 business break-ins in the same period.  This equates to 1% of businesses experiencing break-ins.

Why have I calculated this?

Your business is 3.7x MORE LIKELY to experience a Cybercrime event than a break-in.

The Real Cost of Cyber Breaches for Businesses

According to the 2022/23 ACSC threat report, the average cost of a cyber incident in Australia is between $45,965 and $97,203. At a guess, an expected cost of the magnitude would seriously impact (or exhaust) the cash reserves of most businesses.

When we talk about breach costs, it's not just about the immediate hit to your bank account. There are two main types of costs: those you can easily calculate and those that are harder to pin down.

The Obvious Costs

1. Fixing the Problem: This includes hiring experts to stop the breach and repair your systems. The average cost for this (refer above) is between $45,965 and %$97,203.
2. Lost Business: If your systems are down, you're not making money. The average small business loses about $8,000 per hour during an IT outage.
3. Legal Fees and Fines: Depending on what kind of data was breached, you might face legal action or government fines. Even small fines can add up quickly.
4. Notifying Customers: You'll need to let your customers know what happened, which takes time and money.

The Hidden Costs

1. Damaged Reputation: This is hard to measure but can be the most painful. Customers might not trust you with their information anymore.
2. Increased Security Spending: After a breach, you'll likely need to invest more in your security to prevent it from happening again.
3. Higher Insurance Rates: If you have cyber insurance, expect your premiums to go up after a breach.
4. Lost Productivity: While you're dealing with the breach, you're not focusing on growing your business.

Won't my IT guy "Just fix this"?

Unless you have a specific "Cyber recovery" service included in your support agreement, it is unlikely that your IT provider/MSP is going to provide the assistance that you need and certainly not within any cost agreement structure that you have in place!

For all but the simplest malware infections, you will need to engage a cyber recovery specialist who is skilled in:

• Identifying how the attack occurred
• Quantifying what has been impacted
• Stopping the attack if it is ongoing
• Preventing recurrence
• Assistance in getting your systems back online
• Providing information for regulatory authorities

Keep in mind that while these services will generally get you back online, they might not cover everything, like dealing with the press, clients or legal issues.

Cyber Insurance: A Safety Net for Businesses

My STRONG recommendation is that any business with any sort of IT environment cyber insurance will be the difference between bouncing back from a breach and closing up shop. A good policy might cover:

• The cost of investigating what happened
• Legal fees and any fines you might face
• Help managing your reputation after the breach
• Money lost while your business is down
• Ransom payments if your data is held hostage

But be careful – not all policies are created equal. Make sure you understand exactly what's covered before you sign up.

Protecting Your Business: Simple Steps That Make a Big Difference

Five simple steps to keep your business safer:

1. Use Strong Passwords: It's simple, but it works. Use a password manager to keep track of complex passwords.
2. Keep Everything Updated: Always install the latest updates for your software and systems.
3. Train Your Team: Make sure everyone knows the basics of staying safe online.
4. Back Up Your Data: Regularly back up important information so you can recover quickly if something goes wrong.

The Bottom Line

For any business, a cyber breach can be a make-or-break moment and is statistically over 3 times more likely than a break-in! The costs – both obvious and hidden – can be overwhelming. But by taking some simple steps to protect yourself and considering cyber insurance as a safety net, you can significantly reduce your risk.

A suggestion if I may - invest in your digital security today – your future self will thank you!