SMEs to slash spending on cyber security despite risks: Business NSW
Tough economic conditions are forcing SMEs to cut spending on cyber security despite an increased risk of cyber crime, a Business NSW report has revealed.
New research by Business NSW has indicated small businesses are being forced to cut spending on cyber security as the cost of doing business continues to be a “concerning” challenge.
The SME Cyber Security Management Report revealed that 22 per cent of small businesses and 15 per cent of medium businesses plan to reduce spending on cyber security management.
This decision comes despite an increase in cyber attacks and SME advocates firmly advising businesses to increase investment in cyber security.
Business NSW said Australian Signals Directorate data highlighted 94,000 reported cyber crimes in the last financial year alone, a 24 per cent increase from the previous year.
Business NSW CEO Daniel Hunter said the “sobering figures” are a wake-up call for state and federal governments.
“Businesses dealing with ballooning insurance, energy and tax bills are alarmingly being forced to make the hard decision to cut spending on cyber security – a decision they should not be forced to make,” he said.
“As business overheads continue to rise, there is a risk more SMEs will de-prioritise cyber security management.”
“Yet the average small business, if targeted by cyber criminals, is losing almost $50,000 to cyber attacks which shows the problem is getting worse.”
Business NSW noted this issue is also having a devastating impact on staff wellbeing.
Small businesses reported they are the least prepared to prevent and withstand cyber attacks, scoring 5.1 out of 10.
Medium businesses were scored at 6.2 and large businesses at 6.7, in terms of being prepared to prevent and withstand a potential cyber attack.
According to the report, 34 per cent of small businesses and 43 per cent of medium businesses in NSW experienced cyber attacks in the 12 months to August 2023.
Forty-one per cent of small businesses and 15 per cent of medium businesses said they can’t afford cyber security and have not enforced any precautions.
Hunter noted the NSW and federal governments could and should be doing more to encourage cyber security within Australian SMEs.
Special envoy for cyber security and digital resilience, Dr Andrew Charlton, said he knows firsthand the pressures of running a small business, especially when every dollar counts.
“The good news is that there are basic steps every small business can take to significantly reduce cyber risk, often at no or minimal cost,” Charlton said.
“This includes using strong, unique passwords, enabling multi-factor authentication and keeping software up to date.”
The government's cyber programs and the $20.8 million cyber health check offer further support to help protect businesses without adding to financial strain, Charlton said.
Along with the release of the report, Business NSW has called for recommendations to be taken on board by the government.
Business NSW said the federal government should provide a 20 per cent deduction bonus on all cyber security-related expenditures to enable businesses to invest in cyber security.
The NSW government has also been recommended to expand the service NSW business bureau’s role to include guidance on cyber security for businesses and to continue to review SME cyber initiatives.
The federal and NSW governments should support SMEs and ensure their cyber security with relevant industry leaders and membership organisations, Business NSW said.