Small businesses not confident of their cybersecurity preparedness


Results of a new survey conducted by the Council of Small Business Organisations Australia (COSBOA) reveal that the majority of small businesses are not confident in their ability to respond to cyber-attacks.

In particular, only one in five small-business owners and employees are confident in their ability to prepare for (23 per cent), fight (21 per cent) and recover from (21 per cent) a cyberthreat, according to a survey of more than 2000 small-business owners and employees.

“Cybercriminals often go by scaled, repeated attacks making small businesses likely targets,” SME insurance expert and BizCover Insurance’s Head of Product, Channels and Risk, Jane Mason, said. “A solid cyber response plan involves two parts: firstly, small-business owners need to implement best-practice cybersecurity to prevent an attack. And secondly, they need a plan in place to manage a data breach if it occurs.”

An ACSC cyber security report reveals that nearly half of all SMEs spend less than $500 on cybersecurity and have an ‘average’ or ‘below average’ understanding of cybersecurity practices. Worse still, the Actuaries Institute reports that only 20 per cent of SMEs currently have cyber insurance, compared with 35 per cent to 70 per cent of larger organisations.

“Small businesses often lack dedicated IT staff, fail to identify the weaknesses in their systems, and underestimate the risk,” Mason said. “So, the ability to understand and protect against the risk of cybercrime isn’t there. Many will also not have the financial backing of an insurer to investigate the attack and help get them back online nor will they have the support to cover the legal fees and fines.”

Another striking revelation of the COSBOA survey is that over one-quarter of Gen Z (born between 1997 and 2010) consider cybersecurity something that is best left to IT experts, while an overwhelming majority of those from the older generations (92 per cent) said that it’s a challenge for all employees.

COSBOA noted that while IT experts have a responsibility to set the parameters of a business’s cybersecurity and monitor for any weaknesses, generally every employee has a part to play in being cybersafe. 

The widely reported recent Optus and Medibank cyber-attacks, which released the information of millions of Australians last year, occurred largely due to a lack of care and human error. The Optus attack was caused by an open application programming interface (API), essentially a gateway to information, which allowed hackers to access sensitive customer data, according to The Guardian. Meanwhile, The Saturday Paper claimed that the Medibank attack, which released sensitive medical records of thousands of people, occurred simply because one single desk support worker didn’t have multi-factor authentication.

“Approximately 95 per cent of cybersecurity incidents occur through human error, and while people make mistakes, that number is simply too high,” Mason explained. “Small-business owners only need to point to these examples to explain the impact a simple mistake can have on a business and why it’s important that every employee remains hypervigilant about cybersecurity.”

To address these cybersecurity shortcomings, COSBOA is set to launch its new Cyber Wardens program later this year, which aims to increase the confidence of small-business owners when it comes to cybersecurity. Sponsored by Commonwealth Bank (CBA) and Telstra, the Cyber Wardens program is designed to give crucial cyber skills certification to small-business owners to prevent cyber risks from occurring.

“I commend this initiative, which is the first of its kind in Australia,” Mason concluded.