Awakening from the ‘cyber slumber’: Federal government’s cyber security strategy targets smaller businesses

Australia plans on becoming a world leader in cyber security by 2030. Recently, the Australian government published its action plan, which details how it plans to get the country there.

Item one on the list is all about helping businesses improve their cyber security. Where are we now, what will improvement look like, and what role will businesses play?

State of the union

Cyber crime is on the rise, both in its frequency and the damage it wreaks. It is becoming one of the biggest threats to Australian organisations as the attacks become more sophisticated and unpredictable, said Professor Nigel Phair of Monash University.

“Year on year, the Australian Signals Directorate has received another substantial increase in reports of cyber crime,” said Professor Phair.

“This has been a consistent pattern for a number of years now and will continue to increase until Australian organisations start putting more effort into cyber security and the risk management of their information assets.”

Year after year, the rates of cyber crime have been climbing in Australia and abroad. In 2022, cyber crime reports were up 18 per cent from the year prior. In the 12 months to February–March 2023, roughly 47 per cent of Australians experienced at least one cyber crime, said the Australian Institute of Criminology (AIC). Regarding businesses, 22 per cent of small to medium business owners were negatively affected by cyber crime in the 12 months leading to February–March 2023.

When dealing with cyber crime, it’s important to add context to the statistics. Not only are the numbers often substantially deflated due to underreporting, but the frequency and impact of cyber crime victimisation are not evenly felt. This applies at the individual and industry level.

Among individual Australians, the vulnerabilities are highest at either extreme of the age spectrum, while the actual financial impacts of cyber crime tend to increase with age. According to Tech Business News, the following eight industries are most vulnerable to cyber crime:

1. Healthcare
2. Financial services
3. Retail
4. Education
5. Energy and utilities
6. Government
7. Manufacturing

Perhaps more importantly, cyber crime is something of a catch-all term. It can denote things as disparate as online harassment and abuse, identity crime, fraud, and malware attacks.

Targeting smaller businesses

The economic importance of small and medium businesses in Australia is so clear it hardly needs restating. Though equally important to Australia’s cyber security, the case is less often made. There is a cyber attack in Australia every 10 minutes. Nearly half of which (43 per cent) are made against small to medium enterprises.

The impacts for such businesses can be devastating as they often have limited resources to allocate to cyber security, not to mention the fact that many wouldn’t know where to begin. Smaller businesses don’t operate in a vacuum – they form links in a much broader chain, meaning an attack on one can spell risk for many others.

“For large organisations, incidents affecting a small or medium business in their supply chain can cause significant damage,” explained the federal government’s new Cyber Security Strategy report, which Cyber Security and Home Affairs Minister Clare O’Neil said has been designed to overcome the “cyber slumber” of the previous government.

“An incident in a large organisation’s supply chain can cause major downstream impacts, disrupting service delivery. Or, where a small business is integrated into the networks of a large organisation, a cyber attack on the smaller entity can unlock a ‘back door’ into the larger organisation that malicious actors can easily exploit.”

To address the risks for smaller businesses, the federal government plans to allocate funding towards a voluntary “cyber health check program”. The program will, free of charge, allow businesses to undertake a tailored assessment of their “cyber security maturity”.

Additionally, the government will invest in a Small Business Cyber Resilience Service, which will “provide one-on-one assistance to help small businesses navigate their cyber challenges, including walking them through the steps to recover from a cyber attack”.

“We understand the challenges that small businesses face in the complex world of cyber security, but they are not on their own. The Australian government’s cyber security strategy will make sure the support is available to help them understand and improve their own cyber security,” said Ms O’Neil.