Cyber threats are no longer reserved for Australia’s largest corporations. As cybercriminals shift their focus, mid-market businesses are finding themselves in the crosshairs, often without the resources or readiness to respond. With attacks growing in frequency and sophistication, insurance professionals and their clients face mounting pressure to protect sensitive data, maintain operations, and safeguard reputations. In today’s volatile landscape, understanding the evolving threat is not just important, it is critical to your business’s future.
In this insightful episode, Insurance Business Australia sits down with Natalie Miladinski, Cyber Underwriting Manager for Asia Pacific at HDI Global SE, to unpack the realities of cyber risk for mid-sized firms. Drawing on her deep expertise in incident response and cyber resilience, Natalie shares real-world examples, the latest breach statistics, and practical strategies for brokers and business leaders. Listeners will learn how HDI’s Cybertech+ policy and tailored resilience workshops empower organisations to respond swiftly and confidently when, not if, a breach occurs.
What you’ll discover in this episode:
Don’t wait for a headline-making breach to hit your business. Tune in now to arm yourself with the knowledge, tools, and expert advice you need to stay one step ahead of cyber threats.
[00:00:23] Danny Wood: Hello, and welcome back to IB Talk. I'm Danny Wood, News Editor of Insurance Business Australia. We're taking a look at the cyber attacks on mid-market businesses. These are the attacks that don't make the headlines so much like those larger scale breaches at Qantas or Optus, but they're a dangerous threat and more and more they're impacting the SMEs that many brokers work with. This episode is presented in partnership with HDI Global and Natalie Miladinski is with us. Sydney-based Natalie is HDI's Cyber Underwriting Manager for the Asia-Pacific. She's an expert in incident response and cyber resilience. Welcome, Natalie.
[00:01:00] Natalie Miladinski: Thank you, Danny. It's great to be with you here today.
[00:01:03] Danny Wood: Yeah, really nice to have you on the show. Now, you'd argue that the mid-market is just as vulnerable now to cyber attacks as the really big companies. Why is that?
[00:01:12] Natalie Miladinski: Yes, I would. For a long time, mid-market companies thought that they were immune and unattractive to cyber threats. They believed that only large corporates were being targeted, but that was never really true. They were always a target, just a less lucrative one. Now, though, mid-market organisations are prime real estate for cyber criminals.
[00:01:33] Danny Wood: Could you take us through some of the statistics? I mean, how widespread are these breaches and how much are they actually impacting these mid-market firms?
[00:01:41] Natalie Miladinski: Yeah, of course. I mean, Australia recorded 47 million data breaches in 2024. That's more than one per second. Globally, that put us 11th for overall volume and 5th for breach density. According to the Australian Cyber Network's 2024 report, Australia is now the fourth most targeted nation for threats against critical infrastructure. Close to 70% of Australian businesses have experienced a ransomware attack. 50% of the breached businesses have paid a ransom, even though many had publicly committed not to pay. And 36% of boards haven't decided whether they would pay a ransom if they were attacked. That last statistic for me is... the one that's particularly terrifying. When a breach hits, you don't have time to hold a board meeting and debate ethics. You really need to plan in advance.
[00:02:34] Danny Wood: That is pretty terrifying. Can you just go into a bit more detail, which sectors are the most impacted?
[00:02:41] Natalie Miladinski: Yeah, well, according to Cloudflare's 2024 survey, the top three are manufacturing, transportation, and education. So manufacturing saw 63% of organizations affected by ransomware, whilst transportation was at 57% and education at 48%. And as for the data that was most targeted, 62% of the attacks went after the customer data, while 55% go after financial data and 52% target user credentials.
[00:03:13] Danny Wood: And what do you see as driving all this escalation?
[00:03:17] Natalie Miladinski: It's really two forces. The first one is organised cybercrime, and the other is state-sponsored actors. With Australia being part of the AUKUS security pact, politicians believe that made us a key geopolitical target. And on top of that, there's also AI-powered scams that have amplified the risks.
[00:03:37] Danny Wood: We hear a lot about simple human error being behind a lot of these attacks when they're successful. Can you touch on a couple of these social engineering types of attacks?
[00:03:48] Natalie Miladinski: That's right. Sometimes it's simple human error. For instance, one large retailer was breached because someone impersonated an employee and requested a password reset. The IT staff member didn't have a process to verify the identity, and so they did reset the password, and that attacker walked right in. In another case, a major airline was compromised through a third-party call center. The attackers posed as customer care agents, and they were able to access the servicing platform. And that's all it took. Quite scary, really.
[00:04:25] Danny Wood: It is scary. Those were both good examples, Natalie. What's another example that you've seen recently of an attack on a mid-market business or SME that caught your attention?
[00:04:35] Natalie Miladinski: Yeah, for me, a really important case is the MediSecure one. MediSecure were a digital e-script provider who was widely used during the COVID-19 pandemic, and they experienced a breach that exposed confidential patient data. Now, since then, this company has now gone into voluntary administration because they ran out of money trying to notify their stakeholders and fix their systems. Most people don't even realise that they were affected. Chances are if you got an electronic prescription during the pandemic, it was MediSecure who were involved. But that breach didn't dominate the news cycle the way that Medibank's did. But for the business itself, the impact was devastating.
[00:05:23] Danny Wood: So why are these mid-sized businesses particularly vulnerable, do you think?
[00:05:27] Natalie Miladinski: It's really a mix of underinvestment, outsourcing and complacency. Many mid-sized businesses outsource their IT to managed service providers and assume that they're also outsourcing the cybersecurity risk. But they're not. The responsibility for data always rests with the business. No matter who manages the systems, they have to make sure that it is secure.
[00:05:52] Danny Wood: So what do you think firms and their brokers need to think carefully about, Natalie?
[00:05:58] Natalie Miladinski: So companies need to think carefully about what's most valuable in their particular business. For some, it'll be their client data, and for others, it'll be keeping production lines running. Whatever is most valuable, that's where your controls need to be the strongest.
[00:06:17] Danny Wood: I can't let you go without looking at some solutions. How does HDI's Cybertech+ policy address these sorts of challenges?
[00:06:24] Natalie Miladinski: Yeah, thank you. Here at HDI, we go beyond standard insurance. With Cybertech+, mid-market clients get access to a dedicated incident response team, which is really critical. The incident response team includes a breach coach who will run the rest of the team, forensic investigators, crisis communication support, legal advisors, and PR consultants. Having access can make all the difference. The policy also covers business interruption loss, data recovery costs, privacy and network security liability, and regulatory reporting and client compliance support. And really, if your company couldn't operate without computers, you need cyber cover. It's that simple.
[00:07:13] Danny Wood: The other side of what you're talking about, this cyber resilience is education. What's HDI offering there?
[00:07:21] Natalie Miladinski: Yes, we now offer cyber resiliency workshops, and these are tailored sessions for C-suite leaders and IT teams. The goal of these workshops is to build familiarity with the breach scenarios and response processes. Knowing who your breach coach is, what decisions have been made, and how fast you can act, that can make or break your response. We often offer these workshops as complimentary or subsidized for policyholders depending on their needs.
[00:07:51] Danny Wood: If your brokers and mid-market clients who are grappling with all these cyber issues could take away one message from this podcast, what would it be?
[00:08:00] Natalie Miladinski: You know, I get asked that question all the time. And my answer is that readiness is everything. Cyber risk is no longer a niche concern. It's a mainstream business threat with financial, operational, reputational, and legal implications. The risk isn't going away. And what you can control is your readiness and how confidently you respond when it happens.
[00:08:26] Danny Wood: Thanks very much for talking with IB Talk, Natalie.
[00:08:30] Natalie Miladinski: You're welcome. Thank you. It's been great to spend time with you, Danny, and thank you very much.
[00:08:34] Danny Wood: And Natalie Miladinski is HDI's Global Cyber Underwriting Manager for the Asia-Pacific. She was explaining how brokers and their mid-market SME clients can protect themselves from cyber attacks. Thanks for listening to IB Talk. Bye for now.