
Bolster cyber security to ‘prevent catastrophic business losses’: RSM

27 May 2025

Businesses should ensure they prioritise cyber security as part of their budget planning for the new financial year, following a recent spike in ransomware attacks.

Professional services firm RSM Australia said businesses should be investing in protecting their increasingly valuable data from being accessed by cyber criminals, with cyber incidents on the rise.

RSM said there has been a spate of suspected cyber intrusions targeting several small to major Australian businesses, leading to significant financial losses for the businesses and their clients, as well as reputational damage.

It also follows recent ransomware attacks on several Perth businesses across financial services, insurance, government and tertiary education industries that severely impacted these organisations’ internal operations, including their ability to service customers.


Riaan Bronkhorst, RSM Australia partner for cyber security and privacy risk services, noted that cyber attacks occur every six minutes and cost many millions of dollars. Bronkhorst said that all businesses are vulnerable, regardless of size.

“Failing to invest in robust protection now risks crippling your business with losses potentially reaching hundreds of thousands of dollars, even into the millions,” he said.

IBM's Cost of a Data Breach report, released last year, indicated that the average cost of a cyber attack is $4.17 million.

Research conducted by RSM last year indicated that organisations often drag their feet on cyber security investments, further exacerbating the problems.

“The delay is reckless and could lead to catastrophic consequences for their businesses, particularly as we are living in a digital age, where cyber criminals are becoming more sophisticated and targeted in their attacks,” Bronkhorst said.

“To avoid falling victim to cyber threats there are ways for companies to minimise their risk and protect their sensitive data, and their reputation.”

RSM Australia outlined its top tips for helping businesses budget for increased protection and cyber security.

Businesses should first consider encrypting sensitive information, the firm advised.

"Your valuable personal belongings are protected within your homes under lock and key, so your business and customer data also need protecting from unauthorised access," it said.

"Defining the different data types within an organisation is also crucial."

RSM said businesses should also run a cyber threat analysis, which involves thinking about all the things that could go wrong and how likely they are to happen.

This can help to uncover potential gaps in compliance and operational resilience and to identify threats and vulnerabilities.

It is also important that businesses know who they are working with at all times by performing regulatory vendor and third-party risk assessments and audits on key suppliers, especially those providing IT or cyber security services, the firm said.

RSM said businesses should also ensure they are protected by enabling security in the network they are connected to and enforcing password printing to protect important information from ending up in the wrong place.

It also recommended reviewing recovery plans both within the organisation and those provided by vendors to ensure a "backup parachute" is always ready to be deployed in the event of an emergency.

"Put this to the test with a simulated exercise to identify any system weaknesses," RSM said.

Businesses should also perform a comprehensive network configuration review to identify and address potential weaknesses in systems.

"If these security systems aren’t set up correctly it leaves weak security spots, just like leaving doors unlocked, which makes it easier for criminals to steal your information," the firm said.

User access permissions should also be reviewed, the firm advised.

"Take a close look at who has permission to access sensitive systems and data to ensure only authorised users have access," it said.

RSM said businesses need to stay informed, review policies and regulations often and keep an eye on any new regulations that may have come into effect.

Businesses should also assess monitoring tools and identify if there is a need to upgrade or replace any custom use cases, such as laptops, mobile devices, cyber security detection services and security operation centres.

Last, the firm also stressed the importance of education.

"Upskill users and business leaders with an understanding of personally identifiable information, phishing, vishing and other social engineering techniques that manipulate people for sensitive information or access online."