C&L, Cranes & Lifting, Features, Technology

Are you insured against cyber-crime?

The frequency of cyber-crime events is growing year on year and it and it is a fallacy for crane hire companies to think they are immune to a cyber-attack.

The frequency of cyber-crime events is growing exponentially, year on year and it and it is a fallacy for crane hire companies to think they are immune to a cyber-attack. Cranes and Lifting reports.

Cyber criminals are preying on Australian businesses and individuals, with research showing there were 13,000 reports of cyber-crime from individuals and businesses to the Australian Cyber Security Centre over a three-month period in 2109. The Morrison government estimates cyber security incidents cost Australian businesses $29 billion a year.

According to Troy Filipcevic, managing director of Emergence Insurance – if you think your business is immune to a cyber-attack, think again.

“Emergence Insurance is the only underwriting insurance company in Australia 100 per cent focused on cyber risks for business. Cyber insurance helps protect businesses against all forms of cyberattacks,” he said.

Emergence Insurance and Underwriting Agencies of Australia (UAA) work closely together to service the crane industry. Both are part owned by the same parent company Steadfast Group.

Related stories:

“We’re both leaders in our respective industries with UAA specialising in mobile equipment including cranes and construction machinery, and Emergence experts in cyberattack and we think the partnership between the two will bring benefit to UAA’s customers. I work very closely with Michael ‘Murf’ Murphy, George Grasso and their team and spend two days a week in their office,” Filipcevic said.

The message Emergence Insurance wants to get out there is that people tend not to think about these sorts of issues because they think it won’t happen to them. Cyber-attacks have been increasing exponentially, year on year for a number of years, according to Filipcevic. The company works closely with UAA and a number of their customers are already on board or they are examining these sorts of policies. UAA has joined forces with Emergence to provide cover for cyber-attacks and very soon all policy renewals will cover for this risk.

Cyber-attacks can come in all forms and cause businesses untold damage. Attacks can include ransom ware where people will hack into a business’s IT systems and lock down all the files so they can’t be accessed. The perpetrator then demands payment for the release of these files.

Filipcevic explained that a cyber-attack can also come in the form of Malicious Software or Malware, which is basically when someone in the office clicks on an email or clicks on a link that’s come from a hacker, that releases a virus into their computer systems. Once the perpetrator is in the system, they can steal files, steal information and try to embezzle money.

“If a business suffers a cyber event, we’ll cover the costs your IT system and get you back up and running. If a crane hire business is down for a certain amount of time and they don’t know where and when appointments are, where their cranes need to go, what cranes are in the field and who’s doing what and they lose revenue as a result, then the policy will replace the revenue lost by the business,” Filipcevic said.

The vast majority of cyber-attacks are a result of human error and the crane sector is not immune to this threat. Attacks occur as a result of people clicking on links that they shouldn’t, people leaving computers on and not backing up. According to Filipcevic, the crane industry is just as vulnerable to cyber-attacks as any other.

In the crane industry a lot of the cranes and the lifting components are all reliant on computer technology in some way, shape or form. This means not only is the business and the computer system which runs the business at risk, the equipment which relies on the technology to perform its role is equally at risk.

“If I think about those businesses, they are exposed in terms of being heavily reliant on technology to perform their tasks which means a hacker can access the technology on the crane and immobilise it. He could jam the computer in the crane and play around with the calculations relating to lifts which could cause damage to property or they could suspend all the functions and make the crane redundant,” he said.

In Filipcevic’s experience, a typical crane hire business can take a number of measures to prevent cyber-attacks.

“There are a number of precautions that crane companies can take to counter cyberattacks. This can be as simple as staff having strong passwords. This increases the difficulty of a hacker accessing the system. Implementing two factor authentication means that employees have to authenticate themselves to actually gain access to systems and that’s starting to become a core component of people’s security within the business.

Filipcevic said implementing patching software when patches are released is also important. He said if Microsoft releases a patch to update the software within the business, they should be updating the patch very quickly thereafter. This is because Microsoft is providing patches since they are finding vulnerabilities in their systems and they are fixing them. They are then sending that out to users to implement as well. Installing these patches as soon as possible is key.

“The other main component is backing up information and backing up data for the business because if they do suffer a cyber event, they have back ups of their information and they can respond and get up and running quickly. Another issue is the training of staff, making them more vigilant and making them aware of the dangers because as I’ve said previously most attacks are as a result of human error,” said Filipcevic.

Emergence Insurance insures all businesses whether they are owner operators with one machine all the way up to multinational businesses with fleets of cranes in the market, says Filipcevic.

“Not only do they get access to an insurance policy and the reassurance that if they do suffer an attack the insurance company will pay; we also have access to global ‘soft security vendors’ as part of our offering so if the business doesn’t have an IT Consultant or a Soft Security Consultant we will help provide these services as part of their claim. It’s not only about the insurance coverage and the money the policy provides, it’s the additional services and the experts we bring along for the ride as well,” he said.

The insurance isn’t expensive with premiums for the smaller businesses starting from around $500 to $1000 per annum and up from there. The threat is real, says Filipcevic

“We’ve had a number of crane companies that have experienced attacks. Cyber-attacks are not industry agnostic or size of organisation agnostic. A lot of the time the perpetrator doesn’t know who they are targeting and doesn’t care, they just happen to find a vulnerability on a system, and they exploit it.

“The misconception in the market, and this is a big issue, is that a lot of businesses think that it won’t happen to them because they are either too small or they’re not in a high-tech industry. In reality it’s quite the reverse. The smaller players tend to think they will be immune but, in fact, they are the ones in the firing line, essentially because they don’t have an army of technology people internally working on IT security. They’re busy working on the business, servicing clients and too busy to think about cyber security. This leaves them regarded as ‘low hanging fruit’ and in the firing line of these hackers,” he said.

“Another misconception is that perpetrators are only after the big guys and it won’t happen to us because we’re small. But it’s equally detrimental to small business. If they can’t get cranes out into the field or they can’t get them working, then they are not getting paid. If they are not getting paid, it’s impacting their livelihoods and those of everyone involved with the business.

“I would suggest that they to need consider taking out insurance to protect their livelihood from a cyberattack. If they are on a paper booking system for example and they suffer an event they probably going to fine. They know they’ve got a crane in the field and it’s working etc. but if I’m fully technology compliant and I can’t access my booking systems, I can’t access my crane and I don’t know where it is, that’s going to be a major issue,” said Filipcevic.

Send this to a friend