Australian small businesses lack cyber security plans, research finds

A significant gap exists in cybersecurity readiness among Australian small businesses, with only 40% prioritizing these measures, according to recent research. The majority lack a cyber plan and underestimate their risks, despite the increasing frequency of incidents, as reported by Arn Net.

Research from Ipsos, commissioned by Optus, indicates that one in three Australian small businesses have experienced a cyber incident, yet many remain underprepared. Sole traders are particularly vulnerable, with 79% lacking a cyber response plan and 38% taking no action after an incident. Phishing and email scams are the most common attack methods, accounting for 38% of incidents, followed by malware (24%) and impersonation attacks (24%). Common vulnerabilities exploited include reused passwords and weak password hygiene.

The Office of the Australian Information Commissioner (OAIC) is increasing scrutiny, with a compliance sweep targeting sectors like property, pharmacies, and licensed venues due to high privacy risks. Small businesses spend an average of only two hours per month on cyber prevention, with some dedicating no time at all, leaving them susceptible to financial loss, productivity decline, and recovery resource drain.

Source: Arn Net