While the recent Optus and Medicare breaches have increased consumer awareness of cyber crime, the SME sector has been slower to respond.
According to HLB Mann Judd, the local SME sector lags behind its global peers when it comes to responding to cyber security concerns.
This is partly due to small businesses not being required to report cyber breaches, the firm’s Melbourne partner Kapil Kukreja has said.
Namely in Australia, and under the Mandatory Reporting of Data Breaches regulation, businesses with an annual turnover greater than $3 million must report cyber hacks. However, businesses with a turnover of less than $3 million per year are not required to.
“Given 99.8 per cent of Australian businesses are SMEs, it does create a major disparity in knowing the true extent of cyber crime across the country,” Mr Kukreja said.
“There have been instances where SMEs have been the victim of a cyber security attack and have gone under within six months. Business owners need to be more accountable and ensure their operations are safeguarded against an attack.”
While noting the presence of room for improvement across all sectors, Mr Kukreja said this is particularly true within the SME space.
According to him, all businesses should set aside 1 to 5 per cent of their annual turnover to cyber security.
“This is a guide and it will depend on a range of factors, such as nature of the business and complexity of its systems, but the key for SMEs is they need a budget set aside along with a formal cyber strategy and cyber response plan; it’s about smart spending and it can’t be an afterthought,” he said.
Mr Kukreja recommended the following tips for SMEs in mitigating a cyber breach:
Never miss the stories that impact the industry.
Get the latest news! Subscribe to the ifa bulletin