As Australia sees overall crime rates continue to fall, security firms and insurers are increasingly turning their focus to the online world — and they are finding plenty of business opportunities within the SME community.
New figures from the Australian Bureau of Statistics (ABS) show that crime rates in Australia are for the most part substantially below the levels recorded a decade ago.
While the rate of sexual assault has remained steady, physical assaults are down by 23 per cent while robberies have halved between the 2009 and 2018 financial years.
“All household crime types captured in the survey also show a decrease in 2017–18 compared to a decade ago,” said William Milne of the bureau’s National Centre for Crime and Justice Statistics.
Yet cyber crime is exploding, with a number of high-level warnings issued from the likes of the ATO, the ACCC and other bodies in recent months urging businesses and consumers alike to be more alert to their online security, such as the threat posed by invoice scams.
Just last week, the Telecommunications Industry Ombudsman warned that scammers are also stealing mobile phone numbers (by transferring numbers to a new SIM card) as a means of gaining access to their victims’ bank accounts.
Scammers have also been impersonating utility and telco providers, government departments, high-profile individuals and even other small to medium businesses in a bid to dupe people into handing over money and/or personal information.
Despite all of these warnings, a new survey of SMEs in the Asia Pacific region has suggested that many business leaders are overconfident in their ability to guard against cyber threats.
In a poll of 1,000 business and IT leaders within SMEs — including 400 from Australia and 300 each from Singapore and Hong Kong — Chubb and YouGov found that an overwhelming majority (87 per cent) believe that they are capable of overcoming a cyber incident; 56 per cent suggest that they could do so within just 12 hours.
Yet almost one in three (30 per cent) confessed that they did not know which files had been affected by a data breach, and 45 per cent were not confident that their employees who have access to sensitive data are completely aware of privacy obligations.
Even more concerning was the finding that 28 per cent of businesses had taken no action following a cyber incident.
“Some SMEs believe they are too small to be targeted by cyber criminals or any internal issues will not greatly impact them. In effect, they think they are ‘too small to fail’,” Chubb’s regional cyber underwriting manager, Andrew Taylor, said.
“However, our own claims data highlights numerous small business compromises and ransomware events that are decimating the cash flow of small businesses.
“In fact, smaller companies have a relatively larger exposure, as they face the same threats that larger businesses face but do not have the means to implement comprehensive protection, leaving significant risk uncovered.”
Some 60 per cent of those polled believe that they were much less susceptible to cyber incidents than larger businesses, despite the same proportion having experienced some form of cyber incident within the past year.
Incredibly, two-thirds (67 per cent) admitted that they are not even aware of all the threats posed to their business.
According to the findings, presented in Chubb’s Too Small to Fail? Australia SME Cyber Preparedness Report, not all cyber incidents are externally driven. In fact, most could be attributed to internal factors within the control of the business.
It found that of those caused internally, the primary culprits were a system malfunction resulting in business interruption or data loss, a technical fault and human error.
- Opinion: Why do so many claim to represent small businesses?
By Adam Zuchetti
- Opinion: House prices not all doom and gloom
By Adam Zuchetti
- Analysis: How can SMEs realistically stay competitive?
By Adam Zuchetti