Help protect your business from cyber threats

Business size and industry:The size of the organisation and its industry can influence risk levels. Certain sectors, like healthcare, finance and government may face higher risks due to sensitive data.

How to prepare:

• Conduct a risk assessment tailored to your industry to understand specific threats
  

• Stay informed about industry trends and cyber incidents affecting similar businesses
  
  

Data sensitivity: The type and volume of sensitive data the company handles, such as personally identifiable information or payment information.

How to prepare:

• Implement data classification schemes to identify and protect sensitive information
  

• Regularly audit data handling practices to ensure compliance with best practices

Cybersecurity measures:This is comprised of existing security protocols, such as firewalls, encryption, access controls, tested backups, and employee training programs.

How to prepare:

• Invest in critical cyber security controls including multi factor authentication, patching applications and operating systems, regular backups and endpoint detection and response
  

• Regularly update and patch systems to mitigate vulnerabilities
  

• Conduct cybersecurity awareness training and phishing testing with employees.
  

• Other cyber mitigation strategies include restrict administrative privileges, application control and ensuring end-of-life systems are replaced or protected

Network infrastructure: The robustness of the organisation's IT infrastructure and any potential vulnerabilities.

How to prepare:

• Conduct regular vulnerability assessments and penetration testing to identify weaknesses
  

• Segment networks to limit the spread of potential breaches

Incident response plan: The existence and effectiveness of a formal incident response plan can indicate preparedness.

How to prepare:

• Develop and regularly test a formal incident response plan
  

• Ensure all employees are trained on their roles in the event of a cyber incident
  

Business continuity plans:Plans in place for maintaining operations during a cyber incident can mitigate risk.

How to prepare:

• Create and regularly update a business continuity plan that includes cyber incident scenarios
  

• Conduct drills to ensure staff are familiar with emergency procedures
  

Employee awareness and training:Regular cybersecurity training for employees can help reduce risk exposure.

How to prepare:

• Implement ongoing cybersecurity training programs that include phishing simulations best practices
  

• Foster a culture of security awareness within the organisation

Risks associated with vendors and partners, including their cybersecurity practices.

How to prepare:

• Assess the cybersecurity practices of vendors and partners
  

• Implement contractual obligations for cybersecurity standards
  

• Conduct regular assessments of third-party risk
  

• Ensure third party access is restricted to what they require and the length of time
  they require it

Incident history: Previous cyber incidents, breaches, or claims can impact underwriting decisions.

How to prepare:

• Keep a record of all cyber incidents and how they were addressed
  

• Conduct post-incident reviews to learn from any past breaches
  

• Use findings to strengthen defenses and update policies accordingly

Regulatory compliance: Adherence to relevant regulations and standards (such as the Privacy Act 2020) can affect risk assessments.

How to prepare:

• Stay informed about applicable regulations
  

• Ensure compliance through regular audits