While a series of cyber attacks in the past two years provided a stark wake-up call for Corporate Australia to strengthen their cyber security and preparedness, many small-to-medium-sized businesses (SMEs) have not followed suit, said Taylor Fry principal Win-Li Toh.
In a dialogue paper, “Cyber Protection Gap Widens for SMEs”, published by the Actuaries Institute, Ms Toh, with coauthors Dr Michael Neary and Ms Sarah Wood said there was a growing gap between Australian corporates and the nation’s 3m SMEs in terms of preparedness to counter cyber attacks.
SMEs risk being left behind in the fight against costly cyber attacks unless they receive more help to bolster defences. Bridging that cyber protection gap will require continual collaboration between the government, insurers, tech providers and the SME community, the authors argued.
Barriers
Ms Toh said, “SMEs often haven’t had the bandwidth or opportunity to really understand and tackle the risks. Many have put cyber into the ‘too hard basket’ because they’re daunted by the technical jargon and don’t know where to start with implementing cyber security measures.
“Another barrier is the cost associated with cyber security when SMEs are battling challenging economic conditions. Some SMEs also mistakenly believe they’re too small to be targeted by cyber criminals. They don’t realise a serious cyber incident could cause their business to collapse.”
Cyber crimes
Overall, the number of cyber crimes reported in Australia during 2022-23 increased by 23% to 94,000. The average cost of cyber crime for a small business rose by 15% to A$46,000 ($30,000).
Ms Toh, who is the incoming Actuaries Institute’s president for 2025, said that 62% of SMEs have reported a cyber attack.
“Given SMEs are the lifeblood of our economy, employing up to a third of our workforce, and cyber risks are always changing, they shouldn’t be dependent on luck to protect them from a cyber attack — they need to depend on knowledge, good cyber hygiene and robust cyber defences.”
She added, “Recent initiatives designed to help SMEs improve their cyber capabilities, such as the Cyber Wardens programme announced in the 2023 federal budget, are very welcome. We also support the development of consistent, achievable and affordable cyber security certifications for SMEs to help them demonstrate their cyber preparedness.”