20 November 2023

New support announced today by the Australian Government to help small businesses combat cyber attacks is extremely welcome, says the Australian Small Business and Family Enterprise Ombudsman, Bruce Billson. 

“One of the biggest fears a small business has is that they will be targeted and wiped out by a cyber attack and we are pleased our strong advocacy for greater sector-wide support has been heard,” Mr Billson said. 

“The latest chilling report from the Australian Cyber Security Centre is that a cyber attack happens every six minutes and when a small business is hit, on average they suffer a financial loss of $46,000.  

“Some never recover from the assault on their operations and their reputation and today’s announcement offers practical help to minimise the chance of being a victim and better prepare small businesses to bounce back.  

“These announcements will provide the type of concierge-style support we have advocated for to assist small business to be as prepared as they can be by providing a free check on their readiness and then advice on actual practical steps that can be taken to further strengthen their business.  

“This will include one-to-one support in the event of an attack to help a small business rebound and recover.”  

Mr Billson said small business would greatly appreciate the two programs announced by Small Business Minister Julie Collins and Cyber Security Minister Clare O’Neil. 

Under the announcements, $7.2 million will create a voluntary cyber health check program to allow businesses to undertake a free, tailored self-assessment of their cyber security maturity and determine the strength of their cyber security measures with educational tools and materials they may need to upskill. Those with a high-risk exposure will be able to access a more sophisticated, third-party assessment to provide additional security across national supply chains.   

A further $11 million will be spent on the Small Business Cyber Resilience Service to provide one-on-one assistance to help small businesses navigate their cyber challenges, including walking them through the steps to recover from a cyber attack.  

“Small businesses can’t hope to have the same sophisticated resources and teams of cyber experts as larger companies who still fall victim to ever more sophisticated attacks,” Mr Billson said. 

“Small and family businesses are sadly a preferred target for some of the scammers and cyber-criminals and these new programs will give small business greater confidence they are not alone. 

“The most prominent type of attack is a cyber-criminal will tap into a small businesses email system, intercept an invoice that’s going out from the business and put in some different bank account details. 

“The unsuspecting customer is expecting the bill and probably knows the amount they have to pay so when it arrives they just settle that account.  

“However, the money goes to some joker on the other side of the world, is quickly converted into crypto currency and is gone. 

“Other attacks involve phishing scams, where a small business receives an email that looks okay, but it allows entry into their digital infrastructure and the criminals demand a payment for to access your own information.”  

Mr Billson said there are simple steps a small business can take right now including having multi-factor authentication, sophisticated passwords or pass phrases, making sure not everybody's got full access to all parts of your technology, having secure backups of critical data and checking with the Cyber Security Centre at www.cyber.gov.au  

Mr Billson said that the voluntary cyber health check program, as well as third-party assessments and assistance, should be built into a new right-sized privacy compliance framework for small business, given the government’s decision to remove the small business exemption from the Privacy Act. 

“Incorporating cyber-security guidance and Consumer Data Right rules into actionable steps for small businesses to meet their privacy obligations will help protect small businesses, reduce compliance burdens and address priority privacy concerns for individuals,” Mr Billson said.

MEDIA CONTACT: 0448 467 178