Australia is among countries most vulnerable to cyberattacks, RIMS says, with an average cost of cybercrime $6.6 million.

The US is most vulnerable, with Belgium, Dominican Republic, Hong Kong, Samoa, China, Afghanistan, Tajikistan and South Africa also highly exposed, RIMS says in its Executive Report “Getting Started on Cybersecurity”.

“As the world has made dynamic strides in digitising many strategies and process, we have in turn created a much larger attack surface for cybercriminals,” RIMS said.

"It is of paramount importance that every small- and medium-sized business identifies and better understands their threat profile and vulnerabilities.”

"It may be tempting to adopt a mindset of “cyberattacks only happen to others,” and “my company is not big enough to be a target. However, this way of thinking leads to overconfidence and a false sense of security."

RIMS recommends identifying and categorising customer and employee data that may be targeted: Protected information, (ID numbers, medical data), contact information (home addresses, email) and personal financial information (employee bank accounts, tax and payroll information)

It also says to assess company data: billing information, orders, product specifications and operational information.

“If you have a cyber insurance policy, do you know how to use it? Are benefits, such as a crisis hotline, legal advice and forensic services, included? Do you know how your broker and insurer can support you and when should you consider contacting them or filing a claim?” the RIMS report said.

It also says people “are the weakest link in cyberattacks,” and a well-informed and cyberaware employee is an invaluable asset in your fight against cybercriminals.

It recommends developing cybersecurity policies, implementing security awareness training for all employees, installing spam filters, endpoint detection and response (EDR) and anti-malware software, and deploying next-generation firewalls (NGFW).

"This is the first step in putting together an appropriate cyber resiliency strategy. The next step is to collaborate with expert vendors and insurance brokers to align your strategy so that it will help to mitigate and protect your business from cyber threats.”