Skip to main content Skip to main navigation
Skip to access and inclusion page Skip to search input

Playbook to help SMEs tackle cyber security threats

07:45am August 31 2022

Faced with a growing number of challenges, small business owners often struggle to invest time and resources on bolstering their cyber defences. (Getty)

Inflation, skills shortages, the lingering impact of COVID – there’s a lot for Australia’s small and medium-sized businesses to worry about.

So it’s perhaps not too surprising that only a quarter of SMEs rate cyber security among their top three concerns.

That’s despite just under half of their businesses having already experienced a cyber attack, according to a survey of 510 SMEs conducted for Westpac. When it comes to medium-sized enterprises – those with 20 to 199 employees – the figure rises to 78 per cent. 

“If you’re running a small business, you have a lot to juggle, and it can be daunting to invest the time, energy and money in making yourself a harder target,” said Richard Johnson, Westpac Group Chief Information Security Officer.

“That’s especially true as small business owners often have to wear several hats, including IT,” he added. The research found 64 per cent of SME leaders handle IT for their own business

Westpac has devised the Cyber Response Playbook to encourage stretched small business owners to address their cyber security risks. It includes a five-step plan on how to prepare for, detect and respond to a threat, and how to get a business back online afterwards.

Westpac's chief information security officer Richard Johnson. (Supplied)

Cyber attacks rated as only the joint-sixth biggest worry for SMEs, the survey showed, but the issue is certainly on their radar. The research found 73 per cent were at least somewhat concerned about the threat, with 10 per cent being extremely concerned.

Nearly 70 per cent have some processes in place to respond to a threat, with 62 per cent planning to invest in cyber security in the next year.

“This level of focus is encouraging, but in cyber there’s always more to do, and we’d like to see them even higher,” Richard said.

“With 90 per cent of SME leaders agreeing they could do more to prepare, we’re hoping this playbook can help businesses counter the threat.”

When the risk of a cyber attack becomes a reality, it can disable a business. Nearly a fifth of respondents said they had to shut down their business until an issue was fixed. A quarter lost data, and eight per cent had to pay a ransom, while 45 per cent had to change all their passwords.

Yet only a third have purchased cyber security software.

Derek Bopping, First Assistant Director-General, Cyber, Engagement and Strategy Divison at the Australian Cyber Security Centre said a cyber response playbook was crucial for hitting the ground running if there is a cyber incident.

“Too often, we see small and medium sized businesses lose days and weeks to cyber attacks, simply because they are not prepared and don’t know how to handle an attack,” he said.

“As threats continue to rise we encourage every business to spend time planning for a potential attack.”

Meg is a Sydney writer who has worked for the Daily Telegraph and 2UE, and more recently has written for The Guardian Australia and The Australian. She has published two solo ,and four co-authored, novels and co-edited an anthology. She is the editor of Westpac’s internal news channels.

Browse topics