Only 2% of small businesses make protecting cyber security a priority: official report

Small businesses are failing to recognise the importance of protecting themselves online, with research published this week revealing only about 2% of small businesses are prioritising protecting their online information.

Cybercrime is a growing problem for Australian businesses, with small businesses increasingly becoming the target of malicious cyber scams and hacks.

Timed to coincide with Stay Smart Online week, the research from the Department of Communication and the Arts also found 60% of businesses that experience a cyber attack go out of business within six months of the incident.

The research forms part of a guide for small business developed by the Department of Communications and the Arts.

Called the Stay Smart Online Small Business Guide, the guide aims to show how businesses can protect their business in “five minutes” and help SMEs with tips about some of the best cybersecurity practices around.

AVG security advisor Michael McKinnon told SmartCompany the finding that only 2% of small businesses are prioritising cybersecurity is not surprising.

“When I see these stats I’m never surprised,” he says.

“Whenever I speak to small businesses, I find they are all very concerned about security, but there are other things they have to worry about as well.”

McKinnon says in his experience most small businesses place security as “always the last thing”, as other more pressing things in the business took precedence.

But he warns against reading too much into some of the other statistics, especially the finding that 60% of businesses go under after sustaining a cyberattack.

McKinnon says the figure is likely to be “skewed” because only businesses that suffer drastically at the hands of cyber criminals are likely to speak up and other small businesses that might have suffered to a lesser extent or can defend themselves may not report it.

“Some of these stats are a bit skewed in that we don’t often know how many businesses are out there which experience this level of attack,” he says.

“Some have some level of preparedness, but other small businesses who suffer smaller losses don’t feel the need to report it.”

McKinnon says because some scammers are only taking small amounts, at most in the hundreds of dollars, most businesses that lose these sums of money would “write off” the loss without reporting it.

“A loss of about $400- $500 tends to be the price point most will write off,” he says.

But he says the popularity of things like ransomware, where all critical files become encrypted and held to ransom for a fee, could be highly damaging for a business and could lead to it collapsing.

“If you can imagine a list of businesses attacked who have had something serious happen to them,” he says.

“Six out of 10 would have trouble functioning.

 “You don’t want to pay these guys money to get files back, you don’t want to perpetuate this crime further.

“If it’s a significant loss of data, it might make it difficult for a small business to go on.”

McKinnon says more small businesses should be taking care of their cybersecurity needs.

“But most small businesses also need to be careful about what it can achieve,” he says.

He says businesses should “keep it simple” at first and think about how about how secure the files it is storing are.

“I think often business is constrained by time and resources,” he says.

“If I can break down tasks of securing the business into smaller manageable chunks, I’m likely to make some headway. “

McKinnon says having a “good security posture” is also important.

“One of the better things a company can do is to make sure it’s investing in new tech,” he says.

“That means updating computers, mobile devices, updating operating systems and software.

“That needs to come before security – the side-effect of spending wisely on latest technology is good security.”