A new government report into the state of preparedness for cyberattacks among the nation’s small to medium enterprises has found that more could be done to improve awareness.
The report, released by the New South Wales Small Business Commissioner, looks at the attitudes of SMEs across Australia to potential cyberattacks and found that 55% of SME owners or operators continue to unknowingly expose themselves to cyber risks through their most frequented online activities - sending and receiving emails and operating social media.
The report notes that the frequency of attacks is “rising exponentially” as small businesses now rank cyber crime as their third biggest risk to businesses, behind managing overheads and operating expenses and chasing payments and cash flow.
“Given that small businesses account for more than 97% of Australia’s business landscape, it is imperative they continue to increase their awareness of cybercrime and take steps to protect themselves,” the report states.
For brokers, who play a vital role in building awareness of cyber threats and ways to mitigate and transfer SME cyber risk, the report offers an insight into client thinking around the issue. While awareness of cyber as an issue is rising for SMEs, they continue to ignore simple tools such as staff education, encryption and regularly changing passwords which could help further protect assets.
Brian Knight, CEO of Kaplan Professional, which recently released a new online library to educate around cyber risk, said that education and awareness are key to ensuring cyber safety.
“It is not the domain of the IT department anymore,” Knight told Insurance Business. “I think businesses need to be on the front foot with this; let’s keep educating people.”
Knight noted that building awareness will be crucial under new mandatory breach notification, which comes into force in February, and will see businesses governed by the Privacy Act forced to demonstrate the activities taken to avoid a cyber breach.
Through training and building awareness, Knight said businesses can cut down on their biggest risk.
“You have to be able to show under the new legislation that you are training your people and you are giving them relevant training,” Knight continued. “It is human error that is the biggest threat to cyber security.”
Related stories:
Get set for cyber warfare in 2018 – Willis Towers Watson expert
The relevance of cyber insurance in an interconnected world