SMEs focus on cyber risk as new data breach laws commence

SMEs may need to improve their data security as new breach notification laws come into force.

Hardly a week seems to go by without a serious data breach occurring at a well-known brand. Uber, eBay, Equifax and Yahoo are just some of the big names that hackers have targeted in recent years, exposing billions of people's personal information and contact details.

But global industry giants aren't the only victims. SMEs can be an attractive proposition for cyber criminals, particularly as smaller businesses are unlikely to invest as heavily in defences.

Only 11 per cent of SME owners consider cyber attacks a major concern.

Last year, one-in-five Australian SMEs said they had experienced a cyber attack, according to Norton figures. While the average cost of a breach was relatively small at $6,600, the wider impact can be devastating.

For example, the Australian Small Business and Family Enterprise Ombudsman cited US research showing 60 per cent of SMEs that suffer a cyber attack go out of business within six months.

The impact of the Notifiable Data Breaches Act

The topic of cyber security at SMEs is especially relevant at the moment due to the introduction of new mandatory data breach notification laws in Australia.

On February 22, the Privacy Amendment (Notifiable Data Breaches) Act 2017 came into effect. The legislation requires businesses to inform the Australian Information Commissioner and affected customers when an eligible data breach occurs.

The Act only applies to businesses earning more than $3 million a year in revenue, but the potential penalties for non-compliance are sizeable. Failing to report an incident could land individuals and organisations with fines of up to $360,000 and $1.8 million, respectively.

Clearly, the impact on sole traders and partnerships, who may be held personally liable for breaches, could be disastrous. Despite this, 44 per cent of Australian small businesses are not fully prepared for the legislation, CyberArk research shows.

Is your SME cyber risk ready?

Cyber risk prevention is becoming increasingly important for the country's SMEs, but awareness remains a problem for many business owners.

A Zurich Insurance Group study revealed the number of SMEs worried about the impact of a cyber attack had trebled between 2011 and 2016. Nevertheless, only 11 per cent considered such incidents a major concern.

With the introduction of new data breach laws and the growing sophistication of cyber attacks worldwide, now may be the time for SMEs to consider how at risk their business is to this form of criminal activity.

WMC Accounting provides comprehensive risk management and assessment services to small businesses, enabling organisations to build an effective strategy to contain threats and realise business goals. Contact us today to learn more.

Latest Business Advisory Articles