

How to minimise the risk of a Ransomware attack on your business

21 October 2021

With 62% of ransomware attacks in 2020 targeting small to medium enterprises (SMEs), the need for companies to protect themselves against cybercrimes has become more important than ever. 

In this article, we take a look at the current impact of ransomware on SMEs and what methods Australian businesses can take to help minimise the risk of a ransomware attack.

What is Ransomware?

Ransomware is a form of malicious software that cybercriminals have used to financially exploit Australian businesses for many years. Traditionally, hackers employed ransomware to encrypt critical files on a company’s network and block administrator access, subsequently demanding that victims pay a ransom to restore their files. Businesses slowly adapted to this threat by improving their IT systems and conducting regular backups of critical systems, but, as many security experts recognise, it is nearly impossible to stay ahead of cybercriminals.

Ransomware also evolved as threat actors discovered new sophisticated methods of attacking businesses, including double and triple extortion techniques. These techniques include threatening to publish exfiltrated data on the dark web, selling stolen information to criminal groups and launching Distributed Denial of Service (DDoS) attacks against businesses to cripple their network. These threats increase the pressure and serve to further encourage victims to pay the ransom.



A company’s IT systems can become infected by ransomware in many ways. Most commonly, businesses are exposed to ransomware through phishing emails, a form of social engineering. These emails are often sophisticated and highly targeted, designed to manipulate unsuspecting employees into clicking malicious links or opening attachments that go on to infect the entire network.

Recently, ransomware has also infected a huge number of businesses’ networks by exploiting common vulnerabilities in web servers as a point of entry. The 2021 Annual Cyber Threat Report, developed by the Australian Cyber Security Centre, found a 15% increase in ransomware cybercrime reported in the 2020–21 financial year.

To combat this increase, the newly introduced Ransomware Payment Bill aims to impose a “ransomware payment notification scheme” whereby government agencies and businesses with a turnover of more than $10 million AUD will be required to notify the Australian Cyber Security Centre before paying a ransom.


How is Ransomware a threat to SMEs?

It’s a common myth that only large companies are impacted by ransomware; 62% of the ransomware attacks in 2020 were on small and medium enterprises (SMEs). Ransomware has become extremely harmful to all businesses, contributing to 81% of financially motivated eCrimes globally. This form of cyber-attack can cripple IT systems, websites, customer data and payment systems. Ransomware poses a major operational risk to businesses of every size, industry and revenue level. A ransomware attack would threaten the financial stability of a small business through loss of revenue, IT recovery costs, network remediation and the cost of paying the ransom if the business chooses to do so. A recent survey found that the average ransomware downtime cost alone was $274,200 USD ($377,700 AUD) for SMEs in 2020.


Methods to mitigate Ransomware

1. Provide formalised phishing and cyber security awareness training to all employees

Teach employees how to identify malicious emails and, where possible, report suspicious emails to IT or senior management. This will help to reduce the likelihood of employees exposing the business to infectious websites or email attachments, as recent data has shown that 54% of ransomware attacks are caused by phishing emails.

2. Flag all emails which originate from outside of the organisation

Incorporating an automatic alert on all external emails can help prevent hackers from impersonating internal staff and attempting to gain system access to perform funds transfer fraud.
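As an added illustration of the external-email flag described above (example code, not Marsh’s or any mail vendor’s own implementation), the function below parses a raw message, prefixes the subject with a banner when the From domain is not one of the organisation’s own, and also records when Reply-To points at a different domain, a pattern seen in funds transfer fraud. The internal domain list and the two sample messages are constructed placeholders.

```python
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Constructed placeholder for the organisation's own mail domains (assumption).
INTERNAL_DOMAINS = {"example.com.au"}
BANNER = "[EXTERNAL] "

def address_domain(header_value) -> str:
    """Lower-cased domain of the first address in a header value ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def tag_external(raw: str, internal_domains=INTERNAL_DOMAINS) -> Message:
    """Prefix the subject and add marker headers when the sender is not internal."""
    msg = message_from_string(raw)
    from_domain = address_domain(msg.get("From"))
    if from_domain in internal_domains:
        return msg
    subject = msg.get("Subject", "")
    if not subject.startswith(BANNER):  # don't stack banners on re-processed mail
        del msg["Subject"]
        msg["Subject"] = BANNER + subject
    msg["X-External-Sender"] = "yes"
    # Replies diverted to a third domain are a common funds-transfer fraud pattern.
    reply_domain = address_domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        msg["X-Reply-To-Mismatch"] = f"{from_domain} -> {reply_domain}"
    return msg

def summarise(raw: str) -> dict:
    """Compact view of the decision, convenient for logging or tests."""
    msg = tag_external(raw)
    return {
        "subject": msg["Subject"],
        "external": msg["X-External-Sender"] == "yes",
        "reply_to_mismatch": msg["X-Reply-To-Mismatch"],  # None when absent
    }

# Constructed sample messages (not real mail).
SAMPLE_INTERNAL = "From: Jane Smith <jane@example.com.au>\nSubject: Lunch\n\nHi\n"
SAMPLE_EXTERNAL = (
    "From: Jane Smith <jane.smith@mail-example.net>\n"
    "Reply-To: accounts@payments.example\n"
    "Subject: Urgent transfer\n\nPlease pay the attached invoice today.\n"
)
```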

3. Use antivirus and anti-spam solutions

Implement a spam filter to prevent the majority of phishing emails from reaching the network.

4. Enable multi-factor authentication

Using multiple layers of verification to confirm an employee’s identity whilst logging in can increase network security in the face of weak passwords and increased endpoint vulnerabilities caused by working from home.

5. Complete regular patching of all hardware, software and operational technology

This can help to prevent hackers from targeting common software vulnerabilities with malware in order to gain control of a company’s network and data. Such vulnerabilities are continually being discovered by criminals, and the exposure they create can be greatly reduced by promptly deploying critical software patches.

6. Follow the principles of network segmentation and least privilege

Restricting local admin privileges as much as possible ensures that if credentials are compromised, hackers are vastly restricted in their ability to move laterally or cause further network disruption.

7. Maintain system backups

Maintaining an up-to-date offline copy of critical system data does not prevent an external threat but often gives more options to organisations when determining whether they want to negotiate with the cybercriminals or attempt to rebuild the system themselves.


Why is Cyber Insurance crucial in mitigating ransomware?

Cyber insurance responds to claims made by victims of a ransomware attack. This includes:

  • Immediate 24/7 access to incident response services following an actual or suspected cyber event
  • Ransom payments* and access to specialist ransom negotiators
  • Loss of profit related to business interruption following a Ransomware attack
  • Costs to repair and restore IT systems and data

*where it is legal for insurers to pay a ransom

It has never been more critical for businesses to take proactive measures to help manage their cyber risk, including the implementation of cyber insurance cover. A cyber insurance policy is an extremely valuable risk transfer tool for every business. A cyber insurance policy can also provide access to cyber security training modules and risk awareness videos as part of your business’ cover, helping your business and your team to identify and prevent cyber-attacks.

The threat of ransomware is continually evolving in complexity and frequency, meaning that no business is safe. Protect your business from Ransomware attacks today by talking to Marsh’s cyber risk experts for a solution to help keep your company safe.

