Real Estate owner Robyn Willis passed on a ‘cyber insurance’ option when last renewing her business insurance, but she’s now reconsidering after being the victim of a cyber attack.
Her business was attacked by ‘ransomware’, now so common it has its own moniker.
It all started innocently enough when she received an email purportedly from ASIC advising that her business registration was due for renewal which, in fact, it was.
Moving through the renewal process she clicked on the provided link several times without getting a response.
Being busy with other matters, she decided to return later to investigate the problem and finalise the renewal.
For the next 24 hours, unbeknownst to Mrs Willis and her staff, the virus was working its way through the office network locking up files.
Mrs Willis only become aware there was an issue when she was notified by her bank that there had been some interference with the files the business uses for online banking.
This happened around the same time a staff member returned from lunch to discover a ransom note displayed on her computer screen, demanding payment in exchange for a code to unlock the files.
According to Verizon (publisher of the 2016 Data Breach Investigations Report) such attacks are typically opportunistic and motivated by financial gain.
“The malware gets onto your system when someone clicks on a malicious email link or visits an infected website,” a spokesperson for Verizon said.
“Ransomware is on the rise. It involves attackers encrypting the contents of a device, rendering it useless. They then demand a ransom to unlock the data.”
Cyber insurance can cover forensic investigation, legal advice, public relations expenses, damage and computer hardware and loss of profits and extra expense during the time a business in interrupted, such as wages for staff to recreate lost databases.
The cover may add several hundred dollars to a premium but, like any insurance, it’s a small cost if the insuree is the one attacked.