Securing the SME from Cyber Threat
- SME Cyber Security Solutions -
Cyber Risk is not a problem to fix, but a condition to be managed.
By the Numbers
SMEs
SMEs make up 97 per cent of the businesses in the Australian economy.

Cyber Claims
According to CFC insurance, 90 per cent of all cyber claims by volume came from businesses with less than 50 million in revenue.

Cyber Crime
SMEs were the target in more than 43% of cyber crimes last year, or 20,640 businesses (reported).

Cyber Insurance
Only about 15 per cent of SMEs have cyber insurance. That means that 1.955 million businesses are not insured.
State of Play
Ill prepared
7 out of 10 businesses are not prepared for a cyber attack.

Malware - Email
92% of malware is delivered via email.

It’s the money people
76 per cent of cyber attacks are financially motivated.

Phishing
In most cases, 9 out of 10 successful cyber attacks can be traced to a phishing attempt.

[Chart figures: 76%, 91%, 73%, 92%]
Here is what you need to know
The 4 pillars of cyber security
Business process
Cyber risk is a business risk. Cyber threat impacts the business and its operations. The business processes, procedures, plans and strategies must incorporate cyber at their core. Regulatory obligations and corporate integrity require careful consideration.

Technology
It is high risk to isolate the cyber threat to just a technology problem. Technology will play a critical role in developing cyber resilience but must never be the only layer of cyber defence.

Insurance
Perhaps the most overlooked area of cyber defence is a bespoke mitigation strategy involving insurance. A properly conceived and well developed insurance strategy can be the difference between sleeping easy at night and waking up with cold sweats.

People
People are a critical asset to an organisation and need to be skilled up to work with business and technology to develop a strong cyber defence fabric. People can be your strongest asset or weakest link in your cyber defence. It is simply your choice.
Current Indicative SME Cyber landscape
Using the assessment results of several SME businesses, and extrapolating them out to a general group, the maturity
level is generally rated at ‘Basic/Ad hoc’. This means that the SMEs have basic cybersecurity, are at a greater threat
of data breach, and the impact of a data breach would be high. Also, the executive and leaders/board are aware of
cybersecurity risks and are looking at a basic plan to address threats and challenges; however, implementation and
monitoring are ad hoc, as they are yet to be aligned with enterprise risk management strategies and business practices.
To build cyber resilience in SMEs
Defence in Depth:

Assessing your system
A cyber risk assessment will evaluate the organisation’s cyber risks, creating a cyber risk profile.

Securing your System
This solution includes endpoint systems protection, incident response and basic monitoring in a single cohesive security package.

Insuring your systems
It is clear there is no 100% defence against cyber attack. As part of this package a bespoke cyber insurance policy will provide incident response and protect you from costs associated with a cyber breach event.

Educating your people
Raising the level of cyber awareness within an SME organisation is a critical step in empowering people to take effective action in preventing cyber-attack or minimising the impact of a cyber breach.
Assessing your system
Define the System
This will determine the processes, functions and applications including:
• Data types & data flows
• Vendors
• Users
• Entry and exit points

Identify Threats
There will be base threats that affect all systems and others including:
• Unauthorised access (malicious or accidental)
• Loss of data
• Disruption of services
• Data leaks, misuse and/or exposure

Compliance
The financial sector has strong regulations and compliance requirements. Our platform will help SMEs comply with their obligations.

Risk Mitigation
Will determine what the appropriate risk mitigation strategies are. They may include:
• Policies and procedures
• System configurations and upgrades
• Training and education
• Insurance

Key challenges addressed
• Knowledge of current environment
• What mitigation activities are most important
• Quick wins
• Able to be proactive in cyber defence
• Using defence in depth approach (multiple layers of cyber defence)
Securing your systems
Harden the environment
Using our Cyber Threat Assessment Program, we know what to clean and where to harden your systems. We use the ASD Essential Eight to harden your systems to cover off 85% of cyber attacks, and ensure safe and secure backups of data.

Layered Defence
This solution uses layered defence to intelligently monitor and respond to cyber threat from your internal network.

Secure the endpoints
Your last line of defence is the endpoint (PC, tablet, laptop, smart phone). This is generally where attacks begin and spread from. Securing each endpoint will minimize any spread of compromised systems and work with the security fabric to reduce impact and eradicate the threat.

Monitor the system
It is great to have all the systems security in place, but if nothing is keeping an eye on it, vulnerabilities will emerge and be exploited. If you choose not to monitor your systems then you have moved to a reactive paradigm where you should be in a proactive one.

Key threats addressed
• Hardening internal systems against known exploits
• Monitoring systems against known and ‘zero day’ threats
• Endpoint response and remediation
• Proactive cyber defence
Educating your people
Determine the gaps
Your people are a critical asset to your business and need to be aware and able to act as another layer of cyber defence. We can determine where the gaps are in their knowledge and empower them to take an active part in your organisation’s cyber defence.

Focused training
By knowing the knowledge gaps we can deliver focused online training to build cyber knowledge and know-how, thus removing a favourite target hackers love to exploit.

Cultural integration
The highest form of people defence in cyber is when your people are integrated into the cyber defence fabric. They know their responsibilities, help others and take cyber very seriously.

Key challenges addressed
• Developing your people into human ‘firewalls’ (according to the OAIC, human error accounts for 37% of cyber attacks).
• Empowering people to make cybersecurity their responsibility
Insuring your systems
What are the gaps
We look for the gaps that no one else will. We find where you need to be insured by analysing multiple policies and looking for cyber gaps and silent cyber issues.

Bespoke insurance
Your insurance is about what you need, how it fits your organisation and how it integrates into the cyber defence fabric. Integrating Cyber insurance with Data insurance is a critical

Insurance as a Service
An insurance policy on its own is not going to minimize your potential for a cyber attack and business disruption. But with the cyber services we have just covered, your policy now has some real power in protecting you and your business from cyber attack and the impacts of a cyber breach on your business.

Integrated insurance
You need to consider more than just Cyber insurance. What about your data, if it is irretrievably lost? A new innovative Data insurance product can protect your data for total loss and compensate you if it is lost.

Key challenges addressed
• Using insurance to work with you in developing a strong cyber defence
• Protecting you from threats and impacts that cannot be ‘fixed’
• Peace of mind
• Protecting your business from ruin
• Regulatory compliance (in time)
CONTACT US
CIS
Michael Hyatt
0400167530
www.cyberindemnitysolutions.com
Level 5, Nth Tower, 485 LaTrobe Street, Melbourne, 3000