Cyber Security in Australia: Is Your Small Business Prepared?

In the wake of major data breaches, Australian small businesses are at the forefront of cyber threats. Discover how to fortify your digital defences and navigate the evolving cyber landscape.

Recent high-profile data breaches, including those at Medibank Private and Optus, have highlighted the pressing need for cyber security awareness in Australia.

Although these crimes involved large organisations, email scams, cyberattacks and online scams also represent a major risk for small businesses, particularly if you don’t have the funds or know-how to strengthen your digital security.

Simple scams, big costs to business

According to the government’s Australian Cyber Security Centre (ACSC), small businesses in particular are at increasing risk of cyberattack, with 43 per cent of all Australian cybercrime now targeting these entities. A cybercrime is reported every seven minutes on average. This alarming frequency underscores the urgency for businesses to bolster their cyber defences.

Cyberattacks often involve fairly straightforward scams. The ACSC highlights the example of a small construction business that received an email from a supplier saying they had changed banks and providing new account details. The construction firm didn’t call their supplier to check and twice paid an invoice for over $70,000.

The supplier was unaware one of its email accounts had been hacked and was sending out fraudulent bank account details. No funds were recovered.

Government Initiatives: Tools and Training to Combat Cyber Threats

To counter growing cyber risks, the government allocated funding in the May Federal Budget to upskill small business owners and employees.

Run by the Council of Small Business Organisations of Australia, the new $23.4 million Cyber Wardens program aims to build small business cyber resilience by training 60,000 non-technical employees.

Cyber Wardens will help other employees prevent digital threats in a similar way to workplace safety officers. This initiative is a testament to the government’s commitment to ensuring the digital safety of Australian enterprises.

The ACSC has revamped its Cyber Security for Small Business Guide and accompanying video. One of its key recommendations is for small businesses to create a cyber emergency plan and test it using the ACSC’s Exercise in a Box tool.

The ATO is also emphasising the importance of business cyber security and has released a checklist of tips for businesses, such as turning on automatic updates.

Mitigating Risks: The Importance of Cyber Insurance for Small Businesses

Aside from the obvious inconvenience resulting from a cyberattack, small businesses also face other considerable risk exposures.

There is a mandatory reporting obligation under the Notifiable Data Breaches scheme requiring a business to report data breaches to the government and its customers if the breach is likely to result in data being misused.

The financial losses resulting from a cybercrime can also be considerable, making cyber insurance a worthwhile investment for many small businesses.

These policies cover a wide range of cyber-related financial risks, including losses suffered by third parties (such as customers), cyber extortion, public relations expenses, system and business interruption expenses, and data breach notification costs.

Ensuring Business Continuity: Beyond Cyber Risks

Expenses resulting from a cyberattack are not the only potential risks a small business can face, making appropriate insurance cover invaluable if the worst happens.

While most small businesses have traditional business cover for building, contents, theft, commercial vehicle and general property, other business risks such as business interruption are often overlooked.

Management liability insurance protects the company and the people managing it against the risks and exposures of running the business, such as allegations of misconduct or legislative breaches.

It can also be worth considering key person insurance to compensate your business for financial losses arising from the death or extended incapacity of an important staff member. The lump sum payout can be used to offset costs such as recruiting a successor, or losses such as a decreased ability to transact business in the event of losing a key person.

Public liability insurance covers you and your employees for potential liabilities to third parties if your product or service causes bodily injury or property damage, while professional indemnity protects against liability for damages and legal costs arising from claims due to acts or omissions. It’s crucial for businesses to understand the different insurance options available and choose the ones that best align with their unique risks and needs.

In a constantly evolving risk landscape, taking proactive steps within your business can work to reduce the likelihood of a cyberattack or limit damage should the unfortunate occur.
Staying informed, vigilant, and proactive is the best defence in today’s digital age. Equip your business with the knowledge and tools to navigate the cyber challenges ahead.

This article is intended as an information source only and to provide general information only. The comments, examples, words and extracts from legislation and other sources in this publication do not constitute legal advice, financial or tax advice and should not be relied upon as such. All readers should seek advice from a professional adviser regarding the application of any of the comments in this article to their particular situation.