Small and medium-sized enterprises (SMEs) in Australia face a growing cybersecurity gap as cyber threats escalate, but many lack adequate resources to strengthen their defences, according to a recent dialogue paper by the Actuaries Institute.
Written by actuary Win-Li Toh and co-authors Dr Michael Neary and Sarah Wood, the report outlines the disparity between large corporations and the country’s nearly 3 million SMEs in terms of cyber preparedness.
The paper recommends that bridging this cybersecurity divide will require sustained collaboration among government, insurers, technology providers, and the SME sector.
Win-Li Toh, a principal at actuarial consultancy Taylor Fry and incoming president of the Actuaries Institute for 2025, noted that while high-profile cyberattacks have prompted many large businesses to upgrade their security, smaller companies often struggle to keep up.
“SMEs often haven’t had the bandwidth or opportunity to really understand and tackle the risks. Many have put cyber into the ‘too hard basket’ because they’re daunted by the technical jargon and don’t know where to start with implementing cyber security measures,” she said.
She added that some SMEs also mistakenly believe that they are not at risk, although a serious incident could have severe impacts on their business.
Cybercrime incidents in Australia have risen sharply, with government data indicating a 23% increase in reported cybercrimes over the 2022-23 period, totalling over 94,000 cases. For SMEs, the financial impact of a cyber breach has risen, with the average cost increasing by 15% to $46,000 for small businesses and $97,000 for medium businesses.
In related news, a report by compliance platform ISMS.online highlighted the rise of deepfake technology as a cyber threat for Australian businesses. Surveying 506 information security leaders across industries including finance, healthcare, and energy, the report found that 24% of organisations encountered deepfake-related security incidents in the past year.
Toh highlighted the urgency for SMEs to adopt effective cybersecurity measures, given that 62% of these businesses reported experiencing cyberattacks last year.
“Given SMEs are the lifeblood of our economy, employing up to a third of our workforce, and cyber risks are always changing, they shouldn’t be dependent on luck to protect them from a cyberattack – they need to depend on knowledge, good cyber hygiene, and robust cyber defences,” she said.
She said that many SMEs handle sensitive information, from customer data to health records, and a cyberattack could have substantial impacts beyond the immediate business.
Toh and her co-authors advocate for more targeted support for SMEs, such as practical and affordable cybersecurity solutions tailored to their needs. Initiatives like the federal government’s Cyber Wardens program, introduced in the 2023 budget, aim to support SMEs in strengthening their cyber capabilities.
The report also suggests the establishment of uniform and accessible cybersecurity certifications to help SMEs demonstrate their security preparedness.