Inflation, skills shortages, the lingering impact of COVID – there’s a lot for Australia’s small and medium-sized businesses to worry about.
So it’s perhaps not too surprising that only a quarter of SMEs rate cyber security among their top three concerns.
That’s despite just under half of their businesses having already experienced a cyber attack, according to a survey of 510 SMEs conducted for Westpac. When it comes to medium-sized enterprises – those with 20 to 199 employees – the figure rises to 78 per cent.
“If you’re running a small business, you have a lot to juggle, and it can be daunting to invest the time, energy and money in making yourself a harder target,” said Richard Johnson, Westpac Group Chief Information Security Officer.
“That’s especially true as small business owners often have to wear several hats, including IT,” he added. The research found 64 per cent of SME leaders handle IT for their own business
Westpac has devised the Cyber Response Playbook to encourage stretched small business owners to address their cyber security risks. It includes a five-step plan on how to prepare for, detect and respond to a threat, and how to get a business back online afterwards.
Cyber attacks rated as only the joint-sixth biggest worry for SMEs, the survey showed, but the issue is certainly on their radar. The research found 73 per cent were at least somewhat concerned about the threat, with 10 per cent being extremely concerned.
Nearly 70 per cent have some processes in place to respond to a threat, with 62 per cent planning to invest in cyber security in the next year.
“This level of focus is encouraging, but in cyber there’s always more to do, and we’d like to see them even higher,” Richard said.
“With 90 per cent of SME leaders agreeing they could do more to prepare, we’re hoping this playbook can help businesses counter the threat.”
When the risk of a cyber attack becomes a reality, it can disable a business. Nearly a fifth of respondents said they had to shut down their business until an issue was fixed. A quarter lost data, and eight per cent had to pay a ransom, while 45 per cent had to change all their passwords.
Yet only a third have purchased cyber security software.
Derek Bopping, First Assistant Director-General, Cyber, Engagement and Strategy Divison at the Australian Cyber Security Centre said a cyber response playbook was crucial for hitting the ground running if there is a cyber incident.
“Too often, we see small and medium sized businesses lose days and weeks to cyber attacks, simply because they are not prepared and don’t know how to handle an attack,” he said.
“As threats continue to rise we encourage every business to spend time planning for a potential attack.”