Curbing Cyber Attacks

• 11 October, 2023

Small to medium businesses operate in a very different environment to their larger counterparts and require targeted advice to better defend themselves against cyber security threats. 

Small to medium enterprises (SMEs), including real estate agencies, are particularly vulnerable to cyber-attacks, as they often have limited resources to dedicate to cyber security. In fact, the recent Australian Cyber Security Center Small Business Survey 2022 highlighted that nearly half of the respondents spent less than $500 annually on cyber security. 

Investing in cyber security is crucial to protect your operations and reputation. While the cost of cyber security measures will vary depending on the size and complexity of the business, it’s generally recommended that SMEs allocate a minimum of five to 10 per cent of their IT budget to cyber security. 

Average cost of a cyber attack 

The impact of a cyber-attack on a SME can be significant and it can be challenging for a small business like a real estate agency to recover from the financial and reputational damage caused by a successful attack. Investing in effective cyber security measures is critical in order to minimise the risk and potential cost of a cyber-attack. 

The costs stemming from a cyber-attack can vary tremendously, but are significant.  

Costs associated with a cyber-attack include the direct expenses associated with the incident, such as remediation and recovery costs, legal fees and lost productivity. There are also indirect costs such as reputational damage and loss of customer trust, which are challenging to quantify but can have a significant impact on the long-term success of a business. 

Cyber trends in 2023 

• Growing regulatory scrutiny.The Australian Government has announced an overhaul of privacy legislation following high profile and significant data breaches in late 2022. The most notable change proposed for small businesses is the removal of the previous exemptions under the Privacy Act for SMEs with less than a $3 million annual turnover. Removal of this exemption would mean that many more SMEs (including real estate agencies) will be subject to the notification requirements of the Notifiable Data Breaches Scheme following a privacy breach. 
• Business email compromise and social engineering threats. Social engineering losses and associated instances of business email compromise remain a key loss area for SMEs. The most common scenario is interception of a supplier invoice by a threat actor to amend invoice bank details or a threat actor impersonating a supplier to seek payment from a business. 
• Ransomware threats. While the frequency of ransomware seems to have stabilised, the severity of this threat remains. It’s a common myth that only large companies are impacted by ransomware. This form of cyber-attack can cripple IT systems, websites, customer data and payment systems. Ransomware poses a major operational risk to businesses of all sizes, industries and revenue, threatening the financial stability of a small business due to the loss of revenue, IT recovery costs, network remediation and the cost of paying the ransom (if the business chooses to do so). 

Cyber insurance 

A Cyber insurance policy can be an extremely valuable risk transfer tool for every business. Having cyber insurance cover can help protect your agency's reputation adn finances and can help minimise any damage or disruption from the cyber-attack.