The cost-of-doing-business crisis is forcing more than one in five small businesses to cut spending in cyber security, despite them being the least prepared for a cyber attack.

A new report on the impact of cyber attacks on NSW small and medium enterprises (SMEs) has revealed some 22 per cent of small businesses and 15 per cent of medium businesses plan to reduce spending on cyber security management.

The decision is despite 94,000 reported cyber crimes in Australia in the last financial year alone, according to the Australian Signals Directorate, a 24% increase from the previous year.

Business NSW CEO Daniel Hunter said the sobering figures are a wake-up call for governments both state and federal.

“Businesses dealing with ballooning insurance, energy and tax bills are alarmingly being forced to make the hard decision to cut spending on cyber security – a decision they should not be forced to make,” Mr Hunter, launching the SME Cyber Security Management report said.

“As business overheads continue to rise, there is a risk more SMEs will de-prioritise cyber security management. Yet the average small business, if targeted by cyber criminals, is losing almost $50,000 to cyber attacks – and the problem is getting worse.

“Businesses have told us about the devastating impact on staff wellbeing. One staff member of a regional NSW book-keeping business suffered a severe mental health impact as a result. These stories are all too common.”

Small businesses self-reported that they are the least prepared to prevent and withstand cyber attacks (with an average score of 5.1 out of 10) compared to medium businesses (6.2) and large businesses (6.7).

One in three (34%) small businesses and 43% of medium businesses in NSW have experienced cyber attacks in the 12 months to August 2023.

Concerningly, 41% of small businesses and 15% of medium businesses have taken no actions to enhance cyber security as they can’t afford it.

“The NSW and Federal governments must rapidly incentivise SMEs to ensure they have the appropriate level of cyber protection,” Mr Hunter said.  

Dr Andrew Charlton MP, Special Envoy for Cyber Security and Digital Resilience, launched the SME Cyber Security Management report at Business NSW’s Sydney HQ last week.

“I know firsthand the pressures of running a small business, especially when every dollar counts,” Dr Charlton said.

“The good news is that there are basic steps every small business can take to significantly reduce cyber risk, often at no or minimal cost. This includes using strong, unique passwords, enabling multi-factor authentication, and keeping software up to date.

“On top of that, the Government’s cyber programs and the $20.8 million Cyber Health Check offer further support to help protect your business without adding to your financial strain.”

Business NSW is calling for:

• The Federal Government provide a 20% deduction bonus on all cyber security related expenditure to enable businesses to invest in cyber security.
• The NSW Government to expand the Service NSW Business Bureau’s role to include guidance on cyber security for businesses.
• The Federal and NSW governments to continue to review current small business focused cyber initiatives to understand their take-up and efficacy. 
• The Federal and NSW governments – together with relevant industry leaders and membership organisations – to combine to support SMEs and ensure their cyber security.

About Business NSW 

Formerly the NSW Business Chamber, Business NSW is the peak policy and advocacy body which has been representing businesses in NSW since 1826. We represent almost 50,000 businesses.

BUSINESS NSW MEDIA CONTACT: BEN PIKE – 0429 993 822

DR ANDREW CHARLTON MP MEDIA CONTACT: SONIA PATMAN 0408 187 330