What’s it worth to cover your butt?

Do you have adequate cyber protection? With cyber attacks up five times in the Central West from this time last year, too many businesses we speak to assume that because they have an IT person or a web designer, they’re safe.

And that worries us.

Why? Because it’s often not the case. A few important facts for you to consider:

  • If you’re paying around $15–30 per month, you don’t have all the cyber protection you need.
  • Most systems, including O365, are NOT secure by default.
  • It is your responsibility as a business owner to mitigate the risk of a cyber attack. Even if you have an IT provider like Colton, if you don’t take their advice, you’re liable for up to $50 million.

When we mention the cost of cybersecurity, some companies shake their heads and say it’s too expensive. However, they’re unsure of how much it costs them to NOT have a robust, round-the-clock cyber protection service in place.

So, let’s take a 101 look at what you need to cover your butt, and how much it can cost you not to.

Is there value in DIY cybersecurity?

Qualified and experienced cybersecurity specialists are in short supply worldwide, and a mid-level professional can command an average annual salary of between $90,000 and $130,000 in Australia. While you may have someone in the business who happily (or otherwise) volunteers to take responsibility for your cyber defences on top of their normal role, this is a high-risk and stressful strategy for everyone involved.

The expectation that attacks will all come via your website (and therefore are the domain of your web developer) is a narrow view. The modern forms of cyberattack are numerous and varied, but all can lead to significant disruption and financial loss. Cybercrime is a big and sophisticated business – internationally it’s shaping up to be a $1.5T (trillion!) industry that will cause $12T worth of damage by the end of 2025.

Here in Australia, the average self-reported cost of cybercrime per report for businesses was up 50% overall ($80,850) this year. For small businesses, it was $56,600 (up 14%), and for medium businesses, $97,200 (up 55%). So, it’s pretty serious money – and a huge responsibility to place on the shoulders of one person.

Why do you need a partner who knows what they’re doing?

Managed Service Providers (or MSPs, like the team here at Colton) provide not only the trained people you need for crucial technology support but also the latest technology required to keep you safe.

Your MSP has you covered with:

  • Specialised cyber monitoring tools to proactively detect attempts to attack
  • Spam filtering and antivirus software to minimise the chance of attack
  • Compliance with local data regulations
  • Ongoing and timely software updates and vulnerability patching
  • Data back-ups to restore systems and data in case of an attack that corrupts or steals your business and customer information
  • A data breach response plan and on-the-ground help in case of attack, so you don’t have to go it alone

Probably the most important thing to note is that your MSP offers you comprehensive protection and remediation without requiring you to add to your headcount.

But wait, there’s more!

Your MSP can also offer a Managed Detection and Response (MDR) service – something that tends to be financially beyond the reach of most small and medium businesses. What does it do?

An MDR service gives you access to world-class cyber-security expertise (again, without adding to your headcount). MDR is proactive – not reactive – with highly trained cybersecurity professionals working 24/7 to identify and respond to advanced, high-tech attacks. Cyber threats are evolving constantly, and these experts do nothing but stay up-to-date with the ‘what’s next’ of cybercrime and mitigate the threats. It’s not a job for everyone, but these professionals are at the top of their game.

With MDR, you get:

  • 24/7 monitoring
  • Proactive threat hunting
  • Complete managed endpoint threat detection (think desktops, laptops, tablets and smartphones)
  • Monitoring of the global cyber threat landscape
  • Improved cyber insurance eligibility
  • Greater detection and response capability
  • Thorough investigation of any alerts, incidents or breaches
  • Vulnerability management (so your patching is always done)
  • Compliance
  • Real-time alerts plus weekly and monthly reporting

With MDR supplementing your MSP cybersecurity services, you’ve got every base covered.

Cyber insurance – do you need it?

If you’ve taken any note of the potential government-imposed penalties for cyber breaches, then you’ll know that the cost of getting your security wrong could sink your business.

You may recall the MedLab Pathology cyberattack in early 2022? This resulted in the sensitive health and financial information of more than 223,000 patients being published on the dark web. Given that MedLab provides pathology services, which include sexually transmitted disease testing, fertility assessments and genetic testing, the potential impact on clients was devastating. The outcome was the first civil penalty imposed by an Australian court for serious breaches of the Privacy Act, in the form of a fine of $5.8 million (and a contribution of $400,000 to legal costs).

The overall fine was made up of $4.2 million for not taking reasonable steps to protect the personal information of patients from a data breach, $800,000 for not conducting a ‘reasonable and expeditious assessment’ of whether the data breach was notifiable, and another $800,000 for failing to notify the OAIC (Office of the Australian Information Commissioner) as soon as possible when they finally assessed the breach as notifiable.

While this might seem like an extreme example, it highlights the value of having cyber insurance to protect your business from the liabilities and costs incurred following a data breach.

What can a breach cost you? These costs may include investigation into the breach, crisis communication, legal fees, and refunds to customers as required. Cyber insurance works similarly to your health or car insurance – you apply for a certain level of cover, answer a list of questions, and then if you need to use it, you know that you won’t incur the total cost of the incident.

Like any insurance policy, you need to meet a range of terms and conditions, and many of these directly relate to your cybersecurity tools, processes, and policies. With an MSP and an MDR on your side, your insurance should be easier to get and offer a lower premium.

How much does it cost to get cybersafe?

Asking how much it would cost you if you had a cyber incident is probably a more meaningful question than how much you’re paying to keep your company and its data protected. But as a starting point, you can improve your cybersecurity posture for as little as $15-30 per user per month. Yes, that’s all it takes.

Obviously, this amount will vary based on your size and needs – and we have packages that can be tailored to your needs.

Give us a call, and we can talk through what it would cost to cover your butt.