Cyber Liability: Overcoming Objections from Your SME Clients. Part 1 

Overcoming objections is part and parcel for brokers, but selling SMEs on Cyber Liability can be especially challenging. That’s why we’ve broken down three common objections and provided talking points to help you address these client concerns. 

My business is too small to be hacked.

Our brokers hear this one a lot. Many SMEs don’t think a cyberattack could happen to them simply because they are small. 

It’s not surprising that so many SMEs think this way. Cyberattacks on large corporations, hospitals, and government agencies dominate news coverage. However, small businesses are often easier targets partly because they don’t think they are worth a hacker’s time. 

Are your clients still sceptical? Here are some stats that might help change their minds: 

  • A 2020 survey of small and medium businesses conducted by the ACSC found that 62% of respondents experienced a cyber incident1, and a 2021 survey by Cisco showed similar results (65% of Australian respondents)2
  • 150,000 to 200,000 small office/home office routers in Australia are vulnerable to compromise3

The bottom line: Cyber Liability isn’t just for big businesses. As attacks on SMEs continue to rise due to their vulnerability and lack of protection, it may be more important than ever for your clients to protect themselves against the financial fallout of hacks, breaches, and data loss.   

“I don’t have information worth stealing.” 

Some SMEs may think their business isn’t worth targeting. What could cybercriminals want from a tradie, retail shop, or hairdresser? 

Regardless of the industry they work in, virtually all SMEs have information that cybercriminals could want, such as Personal Identifying Information (like full names, dates of birth, and other details that can be used to steal someone’s identity), payment info (credit card numbers, bank account details, etc.) or trade secrets (intellectual property belonging to your client, their partners or their suppliers). 

However, stealing data isn’t the only end game when targeting SMEs. Small businesses may be more likely to experience attacks like: 

  • Phishing – Your client receives an email or SMS that appears to be from a trusted source, like their bank or a supplier. They’re asked to take an action, like verify their login details or transfer payment to a new account. Turns out the message is actually from a cybercriminal, and your client has unknowingly compromised their accounts or paid the wrong person. 
  • Business Email Compromise – Cybercriminals may try to access your client’s business email to target their suppliers and partners for fraudulent payments. This can happen through phishing or malware, like keystroke loggers. 
  • Ransomware – A type of malware, ransomware is designed to lock a victim’s system unless they pay a ransom to regain access. Cybercriminals know that many SMEs will pay almost anything to get their business back up and running. However, even if the ransom is paid, your client might not be able to restore their system or data. 

The bottom line: Stolen data is just the tip of the iceberg when it comes to cyberattacks. While your clients may not have enough data for hackers to care about, it doesn’t mean they are safe. Fraudulent payment requests and shutting down operations via ransomware can do just as much, if not more, damage. 

Cyberattacks aren’t a big deal.

Your client might agree that they’re a potential target but may underestimate how much a cyberattack can damage their business. If your client’s business is covered by the Privacy Act 1988, they must notify affected customers and the OAIC. They may face steep fines for failing to comply with this legislation and suffer a blow to their professional reputation. 

Business interruptions caused by cyberattacks can be devastating regardless of whether a small business is subject to privacy legislation. Ransomware can be used to hold a client’s system hostage until they pay a ransom to regain access. This could translate to thousands in lost revenue while their system is locked. 

The bottom line: Cyber Liability insurance can be a powerful tool to help SMEs get back to business as usual as quickly as possible. Policies typically cover the expense of notifying customers of a breach, related fines and penalties, and business interruption costs. It may also cover crisis management costs to help them recover their business’ reputation. 

Get Cyber Insights in Your Inbox 

Subscribe to BizCover for Broker’s monthly Cyber Digest for insights into Australia’s cyber security landscape. Access the latest cyber resources to expand your knowledge and share with your team.  

Explore our new cyber hub for more great info on protecting your SME clients against the financial fallout of cyberattacks and find resources to share with your clients and brokerage. 

1. ACSC, Cyber Security and Australian Small Businesses, 2020 
2. Cisco, Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense, Sep 2021 
3. ACSC, Annual Cyber Threat Report, July 2021 to June 2022 

BizCover for Brokers acts as agent of the insurer and not as the agent of you or your client. Any advice provided is general advice only and does not take into account the personal objectives, financial situation or needs of you or your client. Always read the Product Disclosure Statement or Policy Wording (available on our website). 

© Copyright 2023 BizCover Pty Limited. BizCover for Brokers is a business name of BizCover Pty Ltd (ABN 68 127 707 975; AFSL 501769). 



Leave A Reply