Almost a quarter of Australian SMEs have experienced a cyber attack or hacking attempt compared to only 19 per cent in the previous year, according to the 2017 SME cyber security survey released by Norton. In a national survey of over 1000 business owners and operators, Norton found cyber attacks against SMEs are showing no signs of slowing down. This growth in the cyber threat experienced was matched by a rise in financial loss, with cyber crime costing SMEs an average of $10,299 in the last 12 months. This is compared to just under $6600 in 2016 and represents a 56 per cent increase year-on-year.
The perceived threat of cyber crime has also increased, with 25 per cent of survey respondents noting an increase in cyber security threats felt to their business in the last 12 months, which equates to over 200,000 Australian businesses with one-19 employees. In contrast, only seven per cent of respondents reported a decline in cyber risk. Downtime resulting from a cyber attack, ranked number one (39 per cent) as a negative impact of cyber crime, followed by inconvenience (27 per cent) and additional time and expense spent on recovery (25 per cent).
“For the many Australian SMEs facing a resource crunch, the cost of cyber crime is not just financial. Cyber attacks have the potential to significantly affect how a business operates and how it is perceived by customers, particularly in the event of lengthy downtime or a data breach. In an environment where competition and customer expectations are high, cyber attacks have the power to cripple SMEs, regardless of industry,” said Mark Gorrie, Director, Norton Business Unit, Symantec Pacific Region.
But as a growing number of SMEs become more aware of the risks of exposing the data of their company, employees and customers, many have started taking proactive steps to protect themselves and their valuable IP from being compromised.
The introduction of the Australian Government’s Notifiable Data Breaches scheme last month has brought fresh imperatives for maintaining the security of the data businesses hold, and the privacy of the customers they service.
In the last 12 months, SMEs reported backing up their data more frequently, with 32 per cent now doing so continuously – up from 26 per cent the previous year. A greater proportion back up to the cloud (an eight per cent increase from 2016 to 2017), and fewer only back up to their own computer (a nine per cent decrease from 2016 to 2017). More company devices, including laptops, PCs, tablets and smartphones, were password protected in 2017 (80-88 per cent), compared to just 72-82 per cent of password protected devices in 2016.
SMEs signing up for Internet security solutions also jumped to 87 per cent (from 68 per cent in 2016), and most businesses did so as a precaution to protect against potential threats (60 per cent). And these cyber security protective techniques are now being extended to offsite use.
Australian businesses are also winning back control of the devices within the pockets of their employees with fewer operators having access to financial data from a mobile (36 per cent) or personal device (46 per cent) compared to those surveyed in 2016 (47 per cent and 52 per cent respectively).
“As the financial and operational impact of cyber attacks become harder for SMEs to ignore, business owners and operators are beginning to knuckle down and get the basics right – from using passwords, two-step verification and back up, to the more complex tasks of regulating access to company data. With the introduction of Australia’s new mandatory data breach disclosure laws, we expect more Australian SMEs will go from seeing cyber security as a ‘nice to have’ to a critical piece in securing the future success of their business,” said Gorrie.