NSW Small Business Commissioner research SME attitudes and views of cybercrime awareness.
The purpose was to better inform stakeholders of cyber crime awareness amongst small to medium-sized business owners in NSW. While the report only included businesses based in NSW the findings probably exist with enterprises in all states of Australia.
What is cybercrime?
Cybercrime is a much-used phrase these days but the Australian Government 2013, Cybercrime Act 2001 definition is:
noun – dishonest or criminal activity online or by phone. Cyber crime can include deceptive conduct like malicious software or viruses, online or phone scams. Also theft of critical business information, fake overpayments, fake invoicing or hacking a business. The purpose being to obtain a customer’s details or access to a supplier’s network.
What were the research findings?
The government report is a multi-page document but these are the summary points of key findings for easier consumption.
Small to medium-sized enterprises (SMEs) have a limited online presence. 50% limit their digital footprint to a business website with simple contact details and social media sharing functions. Only 20% of businesses sell their products or services online.
Cyber crime is rated by SMEs as the 5th biggest risk to their business.
The main concerns are fraudulent emails or phone calls, social media hacking. However online banking fraud, crypto-ransomware and malware are also concerns.
A victim of cyber crime stated:
What scared me most was when my email was redirected … I was scared for my family and if their personal information had been compromised from the hack. I was also concerned for my clients’ data and the confidential information that I held for them.
The cost of cyber crime to businesses in Australia is rising, costing Australians an estimated $1 billion each year. Cyber crime costs businesses globally more than $3 trillion annually and by 2021 this will exceed $6 trillion.
Surprisingly, the report revealed that SMEs feel informed about cybercrime. Almost 2 in 3 SME owners feel well-informed about the risks of cybercrime. 80% of SME owners feel their business can respond to a security breach. Therefore SMEs are more confident than some ASX-listed companies.
Where do you go for help?
Less than 30% of SMEs report having suffered a cyber crime event. However for those who have, the report showed interesting findings of what help SMEs seek following an event.
- 60% seek help from an IT Forensic Consultant.
- 40% try to Google a solution.
- 35% go to their local Police.
- 34% approach the Government.
[With the help of an IT expert] I am so much more savvy now! My website is being redone—SSL and a more secure server. And information provided by my clients will be encrypted. All my passwords to my emails now are nonsense words. Small business owner and cybercrime victim.
SMEs manage the risks to their business through their own experience. 75% indicated they are influenced by their own experience rather than advice they received from a specialist (lawyer, accountant).
SMEs believe their limited online presence protects them from cyber crime. The most frequent digital activities of SMEs are receiving and sending emails. Almost 50% of SMEs have a social media presence. It is through these activities that SME owner-operators may, unknowingly, expose their businesses to cyber security risks.
When asked if they would be interested in a tool to help them manage cybercrime – 93% said they would. There is a need for risk-management tools for SME owner-operators to protect their businesses from cyber crime.
For more information, the original article and links to the full report visit the NSW Small Business website.