Small Business Minister Julie Collins and Cyber Security Minister Clare O’Neil have announced that the Federal government is launching two initiatives that seek to improve the cyber health of small businesses that have long been vulnerable to cyber attacks.
Under the initiatives $7.2 million will be allocated to create a voluntary cyber health check program that will allow businesses to undertake a free, tailored self-assessment of their cyber security maturity and determine the strength of their cyber security measures with educational tools and materials they may need to upskill. As part of the initiative, businesses with high-risk exposure can access a more sophisticated, third-party assessment to provide additional security across national supply chains.
A further $11 million will be allocated for the Small Business Cyber Resilience Service to provide one-on-one assistance to help small businesses navigate their cyber challenges, including walking them through the steps to recover from a cyber attack.
The initiatives were announced as the latest report from the Australian Cyber Security Centre revealed that a cyber attack happens every six minutes and a small business that is affected suffers a financial loss of an average of $46,000.
Australian Small Business and Family Enterprise Ombudsman Bruce Billson has lauded the initiatives saying, “These announcements will provide the type of concierge-style support we have advocated for to assist small business to be as prepared as they can be by providing a free check on their readiness and then advice on actual practical steps that can be taken to further strengthen their business.”
“One of the biggest fears a small business has is that they will be targeted and wiped out by a cyber attack and we are pleased our strong advocacy for greater sector-wide support has been heard,” Billson added. “Some never recover from the assault on their operations and their reputation and today’s announcement offers practical help to minimise the chance of being a victim and better prepare small businesses to bounce back.”
Billson added that the voluntary cyber health check program, as well as third-party assessments and assistance, should be built into a new right-sized privacy compliance framework for small business, given the government’s decision to remove the small business exemption from the Privacy Act.
“Incorporating cyber-security guidance and Consumer Data Right rules into actionable steps for small businesses to meet their privacy obligations will help protect small businesses, reduce compliance burdens and address priority privacy concerns for individuals,” he said.
Pending the implementation of the initiatives, the ASBFEO has reminded small businesses that they can take some important steps cybersecurity right now such as setting up multi-factor authentication, sophisticated passwords or passphrases, making sure not everybody’s got full access to all parts of key technology, having secure backups of critical data, and checking with the Cyber Security Centre at www.cyber.gov.au.
Council of Small Business Organisations Australia (COSBOA) also welcomed the initiatives given that cybersecurity risks have remained a high concern for small businesses.
“Forty-three per cent of all cyber crimes are targeted towards small businesses, with attacks costing the small-business sector an estimated $2 billion a year,” COSBOA CEO Luke Achterstraat said. “Small-business owners and employees are time-poor and often inadequately prepared for cyber threats. These programs open the door for small businesses to have the cyber conversation, receive a diagnosis and be referred to appropriate courses of action.”
COSBOA also welcomed the development of a single online reporting portal to help businesses navigate mandatory obligations.
“Small businesses require ease-of-use, and for reporting obligations to exist all under the one roof – only with reduced red tape will small businesses be able to understand and execute their reporting responsibilities,” Achterstraat said.