In the wake of the ongoing cost-of-doing-business crisis, 22 per cent of small businesses and 15 per cent of medium businesses plan to reduce spending on cybersecurity management, according to the latest SME Cyber Security Management report by Business NSW.
This is despite a 24 per cent increase from the previous year in reported cyber crimes in Australia in the last financial year at 94,000 according to the Australian Signals Directorate.
Business NSW CEO Daniel Hunter commented that the figures should be a wake-up call for both state and federal governments to act now.
“Businesses dealing with ballooning insurance, energy and tax bills are alarmingly being forced to make the hard decision to cut spending on cyber security – a decision they should not be forced to make,” Hunter said. “As business overheads continue to rise, there is a risk more SMEs will de-prioritise cyber security management. Yet the average small business, if targeted by cyber criminals, is losing almost $50,000 to cyber attacks – and the problem is getting worse.”
He added, “Businesses have told us about the devastating impact on staff wellbeing. One staff member of a regional NSW book-keeping business suffered a severe mental health impact as a result. These stories are all too common.”
Small businesses aren’t prepared for cyber attacks
Small businesses self-reported that they are the least prepared to prevent and withstand cyber attacks (with an average score of 5.1 out of 10) compared to medium businesses (6.2) and large businesses (6.7). But while 34 per cent of small businesses and 43 per cent of medium businesses in NSW have experienced cyber attacks in the 12 months to August 2023, 41 per cent of small businesses and 15 per cent of medium businesses have taken no actions to enhance cyber security as they can’t afford it.
“The NSW and Federal governments must rapidly incentivise SMEs to ensure they have the appropriate level of cyber protection,” Hunter suggested.
The report’s launch was also attended by Dr Andrew Charlton MP, Special Envoy for Cyber Security and Digital Resilience, who commented, “I know firsthand the pressures of running a small business, especially when every dollar counts. The good news is that there are basic steps every small business can take to significantly reduce cyber risk, often at no or minimal cost. This includes using strong, unique passwords, enabling multi-factor authentication, and keeping software up to date.”
Charlton added, “On top of that, the Government’s cyber programs and the $20.8 million Cyber Health Check offer further support to help protect your business without adding to your financial strain.”
In addressing the dire cybersecurity situation, Business NSW has called for the following actions to be taken:
- that the Federal Government provide a 20 per cent deduction bonus on all cybersecurity-related expenditure to enable businesses to invest in cybersecurity;
- that the NSW Government expand the Service NSW Business Bureau’s role to include guidance on cyber security for businesses;
- that the Federal and NSW governments continue to review current small business-focused cyber initiatives to understand their take-up and efficacy; and
- that the Federal and NSW governments, alongside relevant industry leaders and membership organisations, combine to support SMEs and ensure their cyber security.
