Two out of five small businesses victims of a serious cyber incident

privacy breaches, cyber incidents
Data security and privacy concept: opened padlock on binary code background. Visualization of personal or business information safety. Cybercrime or network hacker attack. EPS10 vector illustration

Ahead of today’s Safer Internet Day, cyber security firm Cynch Security has released their Big cyber security questions for small businesses white paper that highlights the security challenges that Australian small-business owners face as so many of them transition to operating online.

Of concern is the fact that the research behind the white papaer found that two in five small businesses have direct experience with a cyber incident worthy of reporting, while less than 15 per cent of small businesses have paid for outside cybersecurity help in the past 12 months.

The report also reveals that while 72 per cent of small businesses consider cybersecurity as very important (compared to 50 per cent rate physical security the same), 19 per cent of small businesses did not spend a dollar on cybersecurity over the past 12 months, despite the fact that cyber security incidents are being reported to cyber.gov.au every 10 minutes

The data has been gathered by Cynch, Deakin University and RMIT University, with additional support from AustCyber through the AustCyber Projects Fund.

Susie Jones, co-founder and CEO of Cynch Security, highlighted the fact that the research has found 84 per cent of Australian small businesses have adopted online services and rely on up to 30 separate technologies, which by itself introduces new risks that need to be actively managed.

“The small-business owners we spoke to said they know that computer systems are inherently vulnerable, and will accept ownership of any related risks but they have difficulty finding the time, available budget, appropriate support staff, and the knowledge about what could be done to manage cyber risk,” Jones said.

“Reports to Scamwatch were up almost 25 per cent in 2020. Cyber criminals looking for ways to exploit the new digital economy have found them. One of the big challenges for cyber security experts is to provide information that is easily understood by the average person,” Jones added. “They tend to speak and write in cyber security lingo and using technical terms that are baffling to most people,” Jones said.

Graeme Pye, Information Systems Lecturer at Deakin University, said that the irrefutable evidence that cyber risks are growing in Australia makes a national strategy more important than ever.

“While recent attention and investment announcements are much needed, there has been little direct support offered to the small-business sector, the backbone of the Australian economy,” Pye said.

Matt Warren, Director of RMIT University Centre for Cyber Security and Innovation lamented the fact that the main motivator for business owners to consider their cyber risk is becoming the victim of a cyber incident themselves.

“By by the time one happens, it’s too late,” Warren explained. “Being able to bring cyber awareness to the scale of the issue here in Australia will help small businesses to be proactive about cyber security and in how they are protecting their business.”