The small business ombudsman says an $18 million cyber security program for the sector targets one of its “biggest fears” and will help hack victims rebuild.
Australian Small Business and Family Enterprise Ombudsman Bruce Billson said the measures, which include an $11 million resilience program, were crucial to prevent small businesses from being vulnerable to cyber criminals.
“Small businesses can’t hope to have the same sophisticated resources and teams of cyber experts as larger companies, who still fall victim to ever more sophisticated attacks,” he said.
“One of the biggest fears a small business has is that they will be targeted and wiped out by a cyber attack.”
“Some never recover from the assault on their operations and their reputation.”
The cyber package, announced yesterday by Small Business Minister Julie Collins and Cyber Security Minister Clare O’Neil, establishes an $11 million Small Business Cyber Resilience Service to assist small businesses with cyber challenges, including walking them through the steps to recover from a cyber attack.
Another $7.2 million goes towards offering cyber health check-ups that assess the strength of business’s digital security, referring high-risk operations for a more sophisticated, third‑party assessment when necessary.
Ms O’Neil said the measures would ensure support was available to a sector challenged by the complexity of digital defence.
“Uplifting the cyber security of our small businesses is integral to a cyber secure and resilient nation, and this dedicated support will make a huge difference in their preparedness and resilience,” she said.
Last week, the Australian Signals Directorate revealed that cyber crimes were reported every six minutes in FY23 and the average cost to a small business was $46,000.
Mr Billson said the recovery assistance program had been a priority for ASBFEO.
“These announcements will provide the type of concierge-style support we have advocated for to assist small business to be as prepared as they can be by providing a free check on their readiness and then advice on actual practical steps that can be taken to further strengthen their business.”
“This will include one-to-one support in the event of an attack to help a small business rebound and recover.”
He said the voluntary cyber health check program, as well as third-party assessments and assistance, should be built into a new right-sized privacy compliance framework for small business, given the government’s decision to remove the small business exemption from the Privacy Act.
“Incorporating cyber-security guidance and Consumer Data Right rules into actionable steps for small businesses to meet their privacy obligations will help protect small businesses, reduce compliance burdens and address priority privacy concerns for individuals,” Mr Billson said.
Ms O’Neil said the small business programs built on moves to strengthen privacy laws and reflected the government’s priority of making Australia a world-leading cyber secure and resilient nation by 2030.