New research paints a bleak picture of the state of cyber security among Australian small businesses. Released in recognition of Cyber Security Awareness Month, the study by GoDaddy reports that two in three small businesses have no security protections on their website and only 15 per cent would know how to deal with an attack, despite three quarters of Australian small businesses recognising the risks such an attack poses.
These revelations are in line with the recent report of the Australian Cyber Security Centre declaring that it received more than 67,500 cybercrime reports from June 2020 to July 2021, a 13 per cent increase on the previous year.
Of those those small businesses that haven’t added protections, 40 per cent said it is due to a lack of accessible and straightforward information online. Meanwhile, 45 per cent reported that they don’t feel they have the skills or backup to deal with a cyber-attack on their website.
GoDaddy also reported that 22 per cent of Australian small businesses have already experienced a security breach on their website. Of those compromised businesses, 75 per cent reported having experienced website downtime – with 40 per cent experiencing an outage of over three days – while reputational damage (35 per cent) and financial loss (32 per cent) were other common impacts.
“A cyber security incident can have numerous negative impacts on small businesses,” Tamara Oppen, Managing Director of GoDaddy Australia, said. “Knowing the risks and, more importantly, how to protect your business is crucial, especially as we approach critical retail shopping periods like Black Friday and Christmas. Small businesses need to consider the security of their online presence, just as they do the security of their offline presence.”
The research also reveals that a deep understanding and subsequent actions to proactively put protections in place remain low. And while Australian businesses are aware of threats like malware, phishing and ransomware, fewer than half said they were aware of other important threats such as DDoS attacks, SQL injection and man in the middle.
“It’s reassuring that three-quarters of small businesses are aware of the risks posed by a cyberattack, but we can help turn awareness into action to help protect Australian businesses and their customers,” Oppen said. “Our research found that 40 per cent of small businesses haven’t added protections to their website because information was unclear and confusing, leaving their business potentially vulnerable.”
