Current estimates show that cyber crime is costing the Australian economy more than $1 billion annually.
The Australian Small Business and Family Enterprise Ombudsman reports that small business is now the target of 43% of all cyber crime.
An even more alarming statistic shows that 60% of small business hit with a significant cyber breach go out of business within the following six months.
The Minister for Law Enforcement and Cyber Security Angus Taylor says in 2018, Australia is experiencing a dramatic rise in the number of cyber attacks.
“The number of reported attacks is up around 30% this year, and many of those reports are coming from small business."
And, he says, the typical organisation sees around 120 cyber attacks each year.
“Cyber criminals around the world - and this is a global phenomenon - are attracted to targeting and attacking small businesses because they see them as vulnerable targets," Cyber Security Minister Angus Taylor says.
And many owner-operators in Australia have a false sense of security, with the Ombudsman reporting that 87% of small businesses rely on anti-viral software alone.
“So this is a very significant issue and we are concerned to make sure small businesses are prepared and take the right precautions against these cyber attacks,” the Minister says.
There are large profits to be made from stolen data, and criminals are becoming ever more sophisticated in their methods.
CEO of Dual Asia Pacific Damien Coates says a good example is social engineering or phishing.
“This is where a company suffers a loss as a result of paying an invoice for what looks to be a legitimate vendor, when in fact it’s a fake invoice, that’s been generated by someone whose hacked your systems,” he says.
The Telstra Security Report 2018, found that these Business Email Compromise (BEC) attacks are among the highest security risks for IT departments in Australia. Government figures suggest BEC attacks cost Australian businesses more than $20 million in 2016.
Adding to the pressure of a cyber threat is the recent introduction of mandatory data breach reporting laws, under the Notifiable Data Breach (NDB) scheme.
The legislation requires businesses with a turnover of more than $3 million annually, and some smaller businesses, to report a data breach that’s likely to result in serious harm to an individual, to the Office of the Australian Information Commissioner.
Failure to comply can attract fines of more than $2 million.
There were more than 47,000 cyber attacks reported last year with fears the real number could be much higher.
“We suspect there is under-reporting of cyber attacks and one very real reason is people don’t know where to go,” Minister Taylor says.
ACORN is the Australian Online reporting Network and small businesses affected by cyber crime are urged to report immediately.
Ransomware is the fastest growing source of cyber attacks and is essentially a virus that locks down or shuts down a businesses computer.
Coates sees the impact firsthand.
“Companies that’ve had their networks go down and lost profits are sometimes not able to recover from the reputational damage that was caused as a result of the failure of their systems and, ultimately, their customers have lost confidence and they’ve gone bust," he says.
While Australia escaped the worst of the WannaCry ransomware attack in 2017 - which affected 200,000 computers in 150 countries - the government warns Australians cannot be complacent.
“Ransomware can actually shut a business down until the ransom is paid,” the Minister explains.
“We do not encourage small business to pay the ransom.”
Yet Telstra’s threat report found that almost half of all Australian small businesses targeted paid the ransom, and 83% say they would do so again.
“Small businesses that suffer an attack should go to the ACORN web site or report to their local police. There very often are solutions that small business can tap into and avoid having to pay a ransom, which doesn’t help in solving this problem,” the Minister says.
The Ombudsman also advises owner-operators to use strong passwords, and ensure their software is current and well protected, and to take business insurance.
Michael Gottlieb, founder and MD of BizCover, says while cyber insurance uptake is growing quickly, many small businesses don’t know what it covers.
“If you have a claim and at the end of the day you lose your business or there’s a substantial loss for you and one that you can’t afford, you’re going to turn around and say I should have bought insurance for that,” Michael explains.
“The statistics show that 40,000 businesses reported a cyber attack last year, and those numbers are only increasing every year. Unfortunately, it’s not something that we can assume it won’t happen to us anymore!"
Watch this story at the top of the page, or catch the full episode on SBS On Demand.