The recent cyber attacks on Optus and Medibank Private compromised personal information from around 14 million customer accounts. At the same time, companies including Uber, Telstra’s staff rewards program and wine dealer Vinomofo were also under attack.

Cybercrime in Australia is on the rise. According to the Australian Cyber Security Centre’s annual threat report, more than 76,000 events were reported during the 2021–22 financial year, up 13 per cent from the previous financial year.

Costs associated with each one rose by an overall 14 per cent to an average of $39,000 for small businesses and $88,000 for medium sized business – and criminals are targeting businesses of all sizes.


Cyberattacks extend way beyond the major breaches of security we hear about in the media. Other examples of cybercrime include fraud, financial and identity theft and business email compromise. 

“One thing small business owners may not realise is that a breach of their personal data could put their company at risk,” says Gerry Power, Head of Sales for specialist cyber insurance underwriter Emergence Insurance. 

“If criminals gain access to, say, your passport and driver’s licence details, they could collect the 100 points of identification needed to start applying for credit in your name. You might know nothing about it until you apply for business finance and find that loan applications have been refused, your credit rating has fallen through the floor, and you can’t get any finance until the situation is resolved.”

These tips to protect personal data can also boost your business security. It’s also important to follow ACSC’s advice for ransomware, business email compromise and other threats.

1. Take password security seriously 
Despite all the warnings, the 10 most common passwords in 2022 were 123456, 123456789, qwerty, password, 12345, qwerty123, 1q2w3e, 12345678, 111111 and 1234567890.

“Using strong passwords, and a different password each time, is an effective way to boost security,” Power says. “Consider investing in a password software manager that can create and remember them for you. Multifactor authentication, such as a six-digit code sent to your phone, can add another layer of protection.”

2. Back up your data regularly
Victims of a cyberattack may potentially lose data created after their last backup. 

“The more recent the backup, the easier it can be to retrieve vital information,” Power says. 

3. Prioritise automated updates  
If developers find a vulnerability in their software, they fix it with a patch, correction or change. When you opt to have these updates applied automatically to your own software, criminals can have less time to exploit the weakness.

4. Protect your personal information
Many organisations ask for more personal information than they need simply because it’s useful to have. 

“The less information you provide, the less you have to worry about if they’re hacked,” Power says. “For instance, if your birth date isn’t mandatory, why share it?”

5. Check before you click
According to the Office of the Australian Information Commissioner, human error contributes to 41 per cent of data breaches.

“As technology becomes more sophisticated, scams are getting harder to detect,” Power says. “You and your staff must be vigilant, verifying every link before clicking on it.”

Find out more 

Emergence has developed cyber insurance solutions for SME’s, corporates and the only standalone personal cyber policy for individuals and families available in the Australian market. Find out more about this and other protection by contacting AIB today.

Important notice – Steadfast Group Limited ABN 98 073 659 677

This general information does not take into account your specific objectives, financial situation or needs. It is also not financial advice, nor complete, so please discuss the full details with your Steadfast insurance broker as to whether this business interruption insurance is appropriate for you. Deductibles, exclusions and limits apply. This insurance is issued by various insurers and can differ. You should consider the relevant Product Disclosure Statement and any Target Market Determination in deciding whether to buy or renew this type of insurance.