Cyber attacks are on the rise, with criminals constantly searching for vulnerabilities in business IT systems and exploiting human error.
If you think your business is too small to be targeted, think again: Recent research from the Actuaries Institute shows that 44% of small business owners are not being proactive about cyber security because they believe it’s too complex to tackle, yet worryingly, 63% of small and medium enterprises (SMEs) have experienced a cyber security incident.
This article explains what you need to know to protect your business.
The real cost of cybercrime in Australia
Data from the Annual Cyber Threat Report 2023-2024 tells a concerning story:
- A cybercrime is reported every 6 minutes (that’s over 87,400 reports annually).
- The average cost per cybercrime for small businesses is $49,600, $62,800 for medium businesses, and $63,600 for large businesses.
- The top 3 self-reported cybercrime types for businesses are email compromise (20%), online banking fraud (13%) and business email compromise with financial loss (13%).
Why cyber security is everyone’s business
Cyber security is more than an IT issue – it’s a business risk that affects every level of your organisation. All organisational leaders need to be well informed about cyber security risks and mitigation – relying on the IT department or an outsourced IT provider is no longer enough.
And while technical solutions are important, human error remains a significant factor in security breaches, whether through:
- Stolen credentials
- Clicking on phishing emails
- Accidental data exposure.
So, cyber security is everyone’s business, and staff at all levels need to be aware and informed.
Plenty of resources are available for businesses, some of which we’ll explore below.
Common cyber threats to watch out for
1. Phishing scams
These are fake emails or messages trying to trick you into:
- sharing passwords
- sharing confidential details
- clicking malicious links.
They often look legitimate but contain suspicious links or urgent requests.
2. Malware
Malware is malicious software designed to cause harm. Once it infects your devices, it can:
- delete or corrupt your files
- stop your devices from working properly
- give others access to your private data.
3. Ransomware
A particularly nasty type of malware that locks up your files and demands payment to release them.
Practical steps to protect your business
Cyber security for small businesses
1. Use software tools:
- Set up automatic updates: Regular software updates will help you close any security gaps.
- Back up your data daily: This ensures you can recover your data in the event of a cyberattack.
- Use multi-factor authentication (MFA): To prevent unauthorised access to systems and data.
2. Focus on people and procedures:
- Control access levels: Make sure you know who in your business has access to what, and limit data access to necessary people only.
- Use strong passwords: Choose a password manager app for your business (like Keeper, LastPass, or 1Password) and use it to generate and securely store strong passwords.
- Train your team: See the small business resources below for training opportunities to share with your employees.
Cyber security for medium and large businesses
Consider implementing the Essential Eight framework from the Australian Cyber Security Centre. Although this may require technical support, implementing these essential mitigation strategies will make your business more robust against cyber attacks.
The Essential Eight mitigation strategies are:
- Application control: Control which applications can run on your systems.
- Patch applications: Keep all software up to date.
- Configure Microsoft Office macro settings: Prevent macros from running automatically and potentially executing malicious code.
- User application hardening: Set up protective browser and email settings.
- Restrict administrative privileges: Prevent unauthorised changes to systems and data.
- Patch operating systems: Update operating systems with the latest security patches to prevent known vulnerabilities from being exploited.
- Use multi-factor authentication (MFA): To prevent unauthorised access to systems and data.
- Back up your data daily: This ensures you can recover your data in the event of a cyberattack.

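As an illustration of what one of these strategies looks like in practice, the PowerShell script below audits and then enforces the Office macro settings described above for the current Windows user. It is an added example, not code from this article or from the Australian Cyber Security Centre. It assumes Office 2016 or later (which uses the "16.0" policy registry hive) and uses the VBAWarnings and blockcontentexecutionfrominternet policy values that Word, Excel and PowerPoint honour; the specific values chosen (signed macros only, and never run macros from internet-sourced files) are one reasonable policy, not the only one. In a managed fleet the same values would normally be deployed through Group Policy or Intune rather than a per-user script.

```powershell
# Added example (not from the article or the ACSC): audit and enforce Office macro policy
# for the current user. Assumes Office 2016 or later (the "16.0" policy hive) on Windows.
# Word, Excel and PowerPoint share these two policy values; Outlook uses a different one,
# so it is deliberately left out of this list.
$OfficeApps = @('Word', 'Excel', 'PowerPoint')

# VBAWarnings: 1 = enable all, 2 = disable with notification, 3 = signed macros only,
# 4 = disable all without notification.
# blockcontentexecutionfrominternet: 1 = never run macros in files downloaded from the internet.
# The values below are this example's chosen policy (an assumption), not a mandated setting.
$Desired = @{ VBAWarnings = 3; blockcontentexecutionfrominternet = 1 }

function Get-OfficeMacroPolicy {
    # Returns one row per application and setting, flagging whether it matches $Desired.
    foreach ($app in $OfficeApps) {
        $path = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $current = if (Test-Path $path) { Get-ItemProperty -Path $path } else { $null }
        foreach ($name in $Desired.Keys) {
            $value = if ($current -and $null -ne $current.$name) { $current.$name } else { 'not set' }
            [pscustomobject]@{
                Application = $app
                Setting     = $name
                Current     = $value
                Compliant   = ($value -eq $Desired[$name])
            }
        }
    }
}

function Set-OfficeMacroPolicy {
    # Creates the policy keys if missing and writes the desired DWORD values.
    foreach ($app in $OfficeApps) {
        $path = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($name in $Desired.Keys) {
            New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $Desired[$name] -Force | Out-Null
        }
    }
}

# Usage: audit first, enforce, then re-audit; the final table should be empty.
Get-OfficeMacroPolicy | Format-Table -AutoSize
Set-OfficeMacroPolicy
Get-OfficeMacroPolicy | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

Running the audit function alone, before any change, is a quick way to see whether a machine already meets the macro-settings strategy; the enforcement function is only needed where it does not.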
Cyber security for large organisations
Larger organisations require more in-depth cyber security controls and may consider applying the following:
- ISO 27001: The international standard for information security management.
- Information Security Manual: An Australian cyber security framework that organisations can apply, using their own risk management framework, to protect their information and systems.
Free cyber security resources for Australian businesses
Small business cyber security guide and checklist
The Australian Government has published a small business cyber security resource with a 12-page downloadable guide and a cyber security checklist.
The guide is a great starting point for small business owners. It uses non-technical terminology and includes case studies to illustrate a range of scams and fraud attempts. It also explains how to secure your accounts, protect your devices and educate your staff.
Cyber Wardens training program
The Australian Government has launched a free Cyber Wardens training program specifically designed for small business owners and employees of SMEs. This program includes multiple learning modules to increase cyber awareness and protect your business from attacks, helping you to:
- Understand the key cyber threats
- Identify security gaps in your business
- Take practical steps to improve your cyber resilience.
Small Business Cyber Resilience Services
The Australian Government’s Small Business Cyber Resilience Service offers free, tailored, one-on-one support for small businesses with 19 or fewer employees (including sole traders). The service can help you create a cyber security plan for your business or recover from a cyber attack.
Need additional support?
While we’re not cyber security experts, we understand how vital this is for your business success. Our Business Advisory team can help you:
- understand your cyber risks
- connect with appropriate IT security experts
- plan for protecting your valuable business data.
You can reach out to us by:
- completing an enquiry form
- calling us on 03 5221 6399
- emailing via info@davidsons.com.au.
This article was written by Senior Auditor Olivia Hoskin.
Stay informed with our monthly newsletter
For the latest tax tips, financial news, and business advice from our industry experts, subscribe to our monthly newsletter, The General Account.
Disclaimer: The information provided in this article is factual in nature and objectively ascertainable and, therefore, does not constitute financial product advice. Importantly, the factual information that has been supplied does not take into account your personal circumstances, objectives or goals.
