The real cost of Cyber Theft

By Richard Laycock, Insurance Expert,

In 2015, the Australian Government’s ‘Stay Smart Online’ initiative released a report discussing the cost of cybercrime to our small businesses. The average answer? An enormous $176,323 per attack.

Two years on, the volatility of the digital world is more pronounced than ever. The financial pressure on Australia’s small businesses to maintain and upkeep their digital security is enormous. Research has shown that one in four workers stress about their finances, and stressing about security can cause physical problems that add to that load.

And security doesn't come cheap - 53% of the cost of security (the equivalent of $93,451) is spent on detection and recovery alone. So where does the rest of it go?

Much depends on what kind of attack is involved. A denial of service attack can have a major impact, sitting at over $180k per attack on average. Similarly, malicious insider attacks typically cost businesses around $177k to deal with, while eliminating malicious code can cost $105k. Quite aside from those huge sums, it's worth thinking about the indirect effects.

Think about how much productivity is wasted when cyber theft or a targeted attack takes place. Businesses see 29% productivity loss, 40% business disruption, 29% information loss and 25% revenue loss, every time there's a security incident. And on average, the time it takes to resolve an attack is 23 days.

That’s a minimum of 175 paid hours for at least one person to work on resolving the issue. Unfortunately, especially for SMEs, the cost accumulates so much it can potentially cause long-term damage to the business.

Loss of data, client information, and consequently reputation are all extremely detrimental to the workings of any business, no matter its size.

One simple solution is cyber liability insurance, but it’s easy to be hesitant because of the cost. However, when you think about the protection you’ll receive, the value adds up. Cover for business interruption, electronic theft, electronic communication, vandalism loss, crisis expenses, reward expenses, disclosure liability, content liability, and defence costs could significantly lower the long-term process of catching up with the resulting expenses from an attack.

That said, there are some other steps businesses can take to ensure their site is protected. It's basic but always worth repeating:, implementing adequate protective software is essential, as well as setting and enforcing strong password policies. Using firewalls, anti-virus, private networks and anti-spam software, as well as implementing an ongoing risk assessment schedule, will help the team locate vulnerabilities. It will also contribute to lowering the cost of your cyber liability insurance.

So while cyber insurance may seem costly in the short term, it’s clear that compared to the expense of repairing damage following a hack or an attack, the price might well be worth it. Evaluate your priorities and figure out which one is more important to you.

Richard Laycock is an Insurance Expert at, Australia’s most visited comparison website.
Richard Laycock is an Insurance Expert at, Australia’s most visited comparison website.

Tags anti-viruscyber attackscyber theftSMEsmalicious codeFinderAustralian Cyber Security Centre (ACSC)

Show Comments