Australian businesses that employ between 100 and 500 employees can expect to shell out approximately $1.9 million if hit by a cyber attack, according to research released this week by global cyber security firm Webroot.

However, experts warn the costs to businesses of a cyber attack or email scam are not purely financial: there’s reputations at stake too.

Webroot surveyed 600 IT decision makers in SMEs in Australia, the US and UK in May this year to calculate the average cost to a business of a cyber attack.

In Australia, that figure is $1.89 million, with half of the Australian respondents to the survey indicating that their business would face costs of more than $1.3 million if customer records or critical business data were lost.

The same survey found 94% of Australian firms with between 100 and 500 employees are increasing their IT security budgets, by an average of 12%, and 60% of the same businesses believe they are not prepared to deal with a potential cyber attack.

The costs to a business of a cyber attack are not purely financial — and this is also front of mind for the businesses surveyed by Webroot.  Seventy-five percent of the Australian firms surveyed said it would be harder to restore their business’ public image in the event of an attack, compared with restoring employee trust and morale.

Company reputations are also at stake in the event of “brandjacking scams” or email impersonation scams that attempt to dupe their customers into paying fake invoices or giving up their personal details.

Rarely a week goes by without one of Australia’s large telecommunications or energy companies being hit by an email scam. Australian government departments and bodies are also not immune, with small and medium businesses previously being warned about fake email invoices impersonating the Australian Taxation Office, the Australian Securities and Investments Commission and the Australian Competition and Consumer Commission.

In June, email security software provider MailGuard reported seeing a 400% increase in these email attacks, while data released from the ACCC in May showed that Australians lost $300 million to scams and fraudulent activity in 2016. Of that amount, businesses reportedly lost $3.78 million.

While it is most common to see “brandjacking” email scams targeted at the big end of town, MailGuard chief executive Craig McDonald told SmartCompany these scams pose an “enormous” risk to small and medium businesses, perhaps even more so than to larger brands.

“When you’re a large, established brand you have built up loyalty and credibility over a long time.,” McDonald says. But SMEs don’t have the same luxury, he says.

“Any type of cyber attack — whether it impacts the SMB or impersonates it — can seriously undermine their reputation, and discourage customers and suppliers from doing business with them,” he adds.

“Businesses need to be aware of the lifecycle costs of being online. It’s like when you buy a car and you have [to pay for] maintenance and updates.”

Establish a relationship with an IT specialist – a reliable expert you can call on in the event of an attack.

 Rock IT:  for all your troubleshooting and security needs.

Author: Eloise Keating