Risk & Insurance
3 Steps to Keep You Cyber Safe
Cyber safety starts with protection, awareness and preparation

It is no longer news that cyber risks are a significant challenge for individuals, businesses and governments. Small businesses are no exception – 43% of cyber crime is now targeted towards small businesses. What’s even more devastating is that 60% of small businesses that do suffer a cyber attack are likely to go out of business within 6 months.

There are many steps you can take before, during and after a cyber incident that can help contain and manage the damage, if not prevent it. As with any disaster or unfortunate incident, having preventative measures in place, as well as a response plan, can help lessen the impact of a cyber attack.

Data breach preparation and response, July, 2019

“Your actions in the first 24 hours after discovering a data breach are often critical to the success of your response...and you should create and test your plan before a data breach occurs.”

Below, we outline key insights around cyber safety, broken down into 3 easy steps for you:


  • Identify and protect your assets – Identify the data, devices and systems that enable your organisation to achieve its business purposes.
  • Manage cyber risk – Identify, assess and manage the cyber security risks to your organisation’s data, systems, people and supply chain.
  • Know who has access – Manage physical access to facilities and logical access to systems and devices.
  • Back up – Ensure you regularly back up important data and information to reduce the damage in case a breach occurs.
  • Strong passwords – Ensure that you use ‘smarter passwords’ and, where possible, multi-factor authentication.


  • Smarter Protection – Have clear policies & security measures relating to your systems, data protection and privacy in case a breach occurs. Ensure your business is aware of this.
  • Acceptable use – Put in place a policy that stipulates the constraints and practices a user must agree to for access to your network and systems. Ensure that individuals are aware of and attest to having read and understood the policy.
  • Awareness is action – Train your staff on the risks and importance of protecting sensitive information – especially personal information.
  • Ongoing education – Provide regular awareness sessions to staff on how to identify irregular behaviour and how to be vigilant.


  • Response – Ensure that you have plans in place to respond to an incident and test them regularly, if possible with internal and external stakeholders (e.g. legal, PR, crisis management).
  • Recovery – Ensure that processes are in place to minimise the downtime of systems and assets impacted by a cyber event and test them regularly.




This information is intended to provide general insurance related information only. It is not intended to be comprehensive, nor does it, or should it (under any circumstances) be construed as constituting legal advice. You should seek independent legal or other professional advice before acting or relying on any of the content of this information. Before deciding whether a particular product is right for you, please consider the relevant Product Disclosure Statement (if applicable) and full policy terms and conditions available from Aon on request or contact us to speak to an adviser. Aon will not be responsible for any loss, damage, cost or expense you or anyone else incurs in reliance on or use of any information contained in this article.