The latest research from global technology platform Zoho reveals that an estimated 600,000+ Australian small and medium enterprises, or a quarter of Australia’s 2.5 million SME population, would not Ssurvive the financial and reputational damage of a privacy breach.
The research found that 24 per cent of the 784 SMEs surveyed said they would not survive the financial impact of a privacy breach, while 23.7 per cent said they could not recover from the reputational hit.
As such, data privacy has become a key priority for SMEs. 45.4 per cent have ranked data privacy as a top business priority, while 30 per cent ranked it as important. And 79.6 per cent acknowledged that those breaches have influenced their views on privacy concerns, and of them, 64.8 per cent have taken action to improve their protections.
However, while 35.2 per cent have become more concerned in the wake of major breaches, they have still not taken action and 18.4 per cent either don’t have a data privacy policy, or do, but have never updated or reviewed it. On the other hand, 44.4 per cent have a well-defined, documented and applied customer privacy policy.
“Data privacy is one of the defining issues for the business community today. Unfortunately, while awareness and concern is increasing, action is not,” Vijay Sundaram, Chief Strategy Officer at Zoho, said. “Small businesses cannot be expected to become privacy and cyber security experts themselves, though. To turn awareness into action, the technology industry and policymakers must incentivise action, so small businesses can implement measures to protect themselves and their customers.
“Otherwise, with regulation becoming more stringent, penalties more severe and privacy breaches more regular and damaging, SMEs will be unfairly and disproportionately impacted,” Sundaram said. “For them, a breach could be catastrophic.”
Currently, small businesses are exempt from The Privacy Act 1988. However, under proposed reforms which the government is currently consulting on and preparing draft legislation, small businesses are expected to lose their exemption and would be liable to steep fines and penalties for infringements or failure to comply.
However, Zoho’s research found that only 51.8 per cent of respondents believe that their business understands its requirements in accordance with The Privacy Act 1988. Meanwhile, 22.9 per cent said that they do not understand the privacy requirements laid out in the law.
“We work with SMEs in various industries. Data privacy is a significant focus for them and their customers, and a responsibility they take very seriously,” Matt Koopmans, CEO and Founder of Aurelian Group, a Zoho channel partner, said. “There are also many SMEs who think they’re too small to be at risk, and so aren’t making any efforts to protect their business or their customers.
“It’s promising to see an increase in awareness in Zoho’s research, which we recognise in our clients,” Koopmans added. “Awareness is the first step, it is time to put it into action. The threat to small business is real and is exacerbated by complacency.
“Regardless of upcoming legislation and consumers becoming more concerned about their data privacy, small businesses should ask themselves, ‘Does the data I collect have value for my business and my customers?’,” Koopmans continued. “Only if the answer is ‘yes, this information is of value to my business operations’, small businesses must reduce risk for both them and their customers; have a clear policy outlining what client data is to be retained, what software or services are sanctioned to be used that can access that data. Businesses shouldn’t use software that they don’t trust, be vigilant in vetting the vendors they do engage, educate their staff about best practice, communicate openly with their customers and put in place plans and policies to guide their response to a breach.”
