An Update on Cybercrimes on Australian Small and Medium Businesses

On average, a cybercrime is reported in Australia every 10 minutes. 1

Cyber-attacks are considered one of the greatest risks to small and medium enterprise businesses (SMEs) as they can significantly impact business operations.

With 48% of Australian SMEs spending less than AUD $500 annually on cyber security, many hackers view these businesses as an attractive target due to a perceived lack of resources to defend against attacks.

Supply chain attacks also continue to be an area of concern due to the extensive range of victims that can be reached through targeting a single service provider.

Ransomware, in particular, has become extremely harmful to businesses, contributing to 81% of financially motivated eCrimes globally 2. It’s a common myth that only large companies are impacted by ransomware: a report conducted by Beazley in the United Kingdom found that 62% of the ransomware attacks in 2020 were on SMEs 3.

This form of cyber-attack can cripple IT systems, websites, customer data and payment systems.

Over 60% of Australian SMEs don’t survive a cyber-attack or data breach. 4


Recent trends in cyber claims

• 10% of incidents reported were in the retail and hospitality sector.

• There was a 10% increase in the number of claims notified to insurers, compared to the previous six months.

• Fraud (email or accounts manipulated), data breach and ransomware attacks continued to make up the majority of the matters.

• Business Email Compromise remains a popular method, as we have seen cybercriminals indiscriminately targeting all industries with this type of phishing attack.


What is ransomware?

According to Sophos, the average ransom paid by companies globally is USD $170,404 5. However, if a business experiences a ransomware attack the potential costs extend beyond the price of simply paying a ransom.

Ransomware is a form of malicious software that cybercriminals have used to financially exploit Australian businesses for many years. Traditionally, hackers employed ransomware to encrypt critical files on a company’s network and block administrator access, subsequently demanding victims pay a ransom to restore their files. Businesses slowly adapted to this threat by improving their IT systems and conducting regular backups of critical systems – but as many security experts recognise – it is nearly impossible to stay ahead of cybercriminals.


Why is cyber insurance important?

A cyber insurance policy is an extremely valuable risk transfer tool for every business. Having cyber insurance cover can help protect your business’s reputation and finances and can help minimise any damage or disruption from the cyber-attack.

With a cyber insurance policy in place, access can also be made available to cyber security training modules and risk awareness videos as part of your business’s policy, helping your business and your team to identify and prevent cyber-attacks.

Cyber insurance responds to claims made by victims of a ransomware attack. This includes:

  • Immediate 24/7 access to incident response services following an actual or suspected cyber event
  • Ransom payments* and access to specialist ransom negotiators
  • Loss of profit related to business interruption following a ransomware attack
  • Costs to repair and restore IT systems and data

*where it is legal for insurers to pay a ransom


What can retailers do to mitigate risks of ransomware attacks?

Read this article from Marsh for tips on mitigating a ransomware attack.


Need advice? 

Interested in insurance solutions risk advisory for your business? Contact the ARA Insurance team at Marsh on 1300 133 988 or at to speak to them about developing an insurance and risk management program that aligns with your business risk requirements and appetite.


Marsh Advantage Insurance Pty Ltd (ABN 31 081 358 303, AFSL 238369)(“MAI”) arranges the insurance and is not the insurer. This publication contains general information and does not take into account your individual objectives, financial situation or needs. For full details of the terms, conditions and limitations of the covers, refer to the specific policy wordings and/or Product Disclosure Statements available from MAI on request. This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. MAI shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. MAI makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. MAI makes no assurances regarding the availability, cost, or terms of insurance coverage. The Australian Retailers Association (ARA) receives a financial benefit when a policy is arranged for its members by MAI, enabling it to continue to provide further services to the retail industry.

1 Australian Cyber Security Centre (ACSC): ACSC Small Business Survey Report

2 CrowdStrike Services: Cyber Front Line Report

3 Beazley: Breach briefing 2020

4 The Australian Small Business and Family Enterprise Ombudsman

5 Sophos: The State of Ransomware 2021
