Australia—Small businesses vulnerable to rising cybercrime

The rise of cybercrime, which includes everything from theft and embezzlement to hacking, adds to the challenges facing small and medium-sized businesses (SMEs) in an increasingly volatile geopolitical and global economic environment. Australia’s Cyber Security Centre (ACSC) received over 76,000 cybercrime reports in 2021-22, an increase of nearly 13% from 2020-21 (Chart). This equates to one report every 7 minutes.

Successful cyberattacks can disrupt or damage IT infrastructure and essential services, dent revenue due to idle or lost production, drive up business costs, increase insurance premiums, tarnish brand reputation and strain customer relations. Cybercrime is also increasingly targeting the global transport and logistics industries; for instance, global supply chains rely on a significant volume of data processing and information sharing that are vulnerable to cyberattacks. Cyber threats that disrupt supply chains can hurt Australian businesses that rely on raw materials imports or delivery of exports to end-markets.

SMEs face significant risk from cyberattacks. According to Accenture’s Cost of Cybercrime Study, 43% of cyberattacks are aimed at small businesses. SMEs are also less prepared to defend themselves against cyberattacks; nearly half (48%) of Australian SMEs spend less than $500 annually on cybersecurity, according to the ACSC.

In the face of more targeted and increasingly complex cyberattacks and insufficient security measures, cybercrime is exacting a high and rising cost on Australian businesses. The ACSC found the average cost per cybercrime report rose to $39,000 for small business, $88,000 for medium business and $62,000 for large business in 2021-22, an average increase of 14% on 2020-21.