Technology advances are helping SMEs compete with larger organisations across Australia, but this innovation can be a double-edged sword if businesses are unprepared for cyber threats.
Criminals are becoming increasingly sophisticated in their attacks on commercial entities, and the financial and reputational cost of a breach can be devastating.
"Flourishing small businesses, by their very nature, are innovative and original, making them attractive to those interested in customer data."
The Allianz 2017 Risk Barometer found that cyber incidents were the second-biggest hazard for organisations operating in Australia, with only business interruption ranking higher.
According to an IBM and Ponemon Institute report, the cost of a data breach for Australian businesses averaged $2.64 million last year, and 46 per cent of incidents were due to malicious intent.
While many larger organisations often have the resources to invest heavily in cyber security, are SMEs as well prepared for attacks on their systems?
SME awareness of threats rising
The good news for SMEs is that business owners are becoming more aware of the cyber security risks facing their organisations.
The number of executives and managers concerned about cyber security has nearly tripled since 2013, the latest Zurich Insurance Group annual global SME survey revealed. However, the total proportion of respondents worried about these issues remains at a relatively low 11 per cent.
Callum McMillan, national commercial manager for financial lines at Zurich in Australia, said approximately 97 per cent of the country's businesses are classified as SMEs.
"Flourishing small businesses, by their very nature, are innovative and original, making them attractive to those interested in customer data and also to hackers pursuing larger organisations through their contractor relations," he stated.
"Interconnectivity has increased with 84 per cent of SMEs online and one in two [SMEs] receiving some form of payment online."
The costs of cyber security threats
While cyber security awareness is growing in Australia, many SMEs still don't have significant measures in place to combat potential threats.
The 2016 Australian Cyber Security Centre Threat Report highlighted a number of direct and indirect costs of failures to protect networks and systems, including:
- Lost productivity and income;
- Loss of revenue through intellectual property theft;
- Negative social media and news coverage; and
- Increased spending on resources to investigate incidents.
Furthermore, businesses must also implement reactive cyber security strategies, which are often more expensive than a proactive approach due to the shorter timeframes that are usually enforced.
It is therefore crucial for organisations to identify potential threats to their business before they occur by formulating a comprehensive risk management strategy.
If you would like to learn about SME risk management strategies, please contact WMC Accounting for more information on our services.