This has raised concerns of the regulators.
According to a recent report by ASIC, ‘medium to large’ business firms are recently been reporting severe cyber security capabilities in comparison to other organizations, including supply chain risk management, data security, and consequence management.
In response to the aforementioned threats, the Australian government has announced an AU $20 million package to boost small businesses. An optional cyber "health check" program is being established as part of this to assist small business owners in assessing the maturity of their cyber security. A Small Business Cyber Resilience Service, which will offer a one-on-one service to assist small firms in recovering from a cyber assault, will also receive $11 million of the package.
This initiative will focus on areas where SMBs are the most vulnerable. However, small firms will also need to take it upon themselves to place a lot greater emphasis on resilience than they have been doing in the face of growing cyber threats.
The ASIC research analysis found that small businesses are only slightly more effective than half of their medium and big counterparts in several areas, such as identifying threats and overcoming them.
The significant percentages of small businesses are as follows:
The Annual Cyber Threat Report 2022-23 published by the Australian Signals Directorate reveals that the average cost of cybercrime has increased by 14% over the past year. Small firms paid $46,000, medium-sized organizations paid $97,200, and bigger enterprises paid $71,600.
Of course, that is a financial burden for any business, but it seems to be especially harmful for SMBs. Approximately 60% of small firms that experience a breach ultimately go out of business as a direct result of it.
These organizations face a real existential threat from cyber security. Even those who manage to escape the breach's direct costs still have to deal with the harm to their reputation, which can cost them partners and customers as well as short-term cash flow. In the best-case scenario, a cyberattack "just" prevents the small business from expanding and growing.
After identifying the restrictions on resources available to small businesses, the ASD and Australian Cyber Security Centre have designed the Essential Eight, a set of best practices for security and small enterprises. These are as follows: