Only 13 per cent of Australian small businesses have a plan to protect their money and valuable client data, says MYOB Group.
Many small- and medium-sized businesses could be at risk of losing money and customers because they don't have a cyber security plan.
Only 13 per cent of small businesses have a plan to protect their money and valuable client data, according to a monthly survey of 400 small business owners by online business management solutions provider MYOB Group.
MYOB chief operating officer Andrew Birch says all types and sizes of business may be susceptible to cyber attack, but attackers may consider smaller businesses more vulnerable because they are unlikely to be as well prepared as larger enterprises.
Cyber attacks can involve individuals in a business being tricked into clicking on a download, email or attachment that may contain a virus or ransomware.
A cyber attack may also involve a false invoice being sent to a business and money being paid to a fraudulent party.
The Australian Cybercrime Online Reporting Network (ACORN) received 11,851 reports of cybercrime in the June quarter of 2017, 51 per cent of which related to scams or fraud and 19 per cent to purchases or sales.
Last week the Australian government's StaySmartOnline service, which provides information on how home internet users and small businesses can protect themselves from cyber security threats, warned of scam emails under the guise of "E-toll Account statement" or "AusPost Delivery".
These scam emails invited email users to click on a "View in OneDrive" link which could lead to the installation of malware onto the user's computer.
Earlier in September, a fake email circulated claiming to be an invoice for an eBay purchase, and another email claiming to be "Voice Message from 017234512978 - name unavailable" aimed to download ransomware onto the user's computer.
Mr Birch says cyber attackers are typically after money already in a business's bank account or looking to divert money that should be flowing into that account.
A business can have its bank account emptied in a cyber attack, which could force the enterprise to close down.
Also, cyber attackers seek client information which can be used in identity fraud.
Mr Birch says businesses that turn over more than $3 million a year are obliged under the Privacy Act to protect information and if they have taken no measures to protect themselves, they may be liable for prosecution.
Also, clients who have personal information stolen may have a case to take legal action against the business that was attacked.
"It (cyber attack) has some real downside to it," Mr Birch said.