The risk of delegating away cybersecurity tasks
Two cybersecurity reports have examined how well small and medium-sized businesses are prepared for cyberthreats, warning unprepared firms could fail to recover from an attack and should avoid relying on younger staff for expertise.
The reports, from HLB Mann Judd and the Council of Small Business Organisations Australia (COSBOA), explored how well firms were prepared for a cyberthreat or attack.
The COSBOA survey, which surveyed more than 2,000 small business owners, found four in five respondents were not confident in their ability to prepare for, fight and recover from a cyberthreat.
This was echoed by HLB Mann Judd which said a lack of resources could lead to a business closing after a cyberthreat. It advocated for businesses to set aside 1%-5% of annual turnover for cybersecurity measures along with a formal cyber response plan and strategy.
Kapil Kukreja, HLB Mann Judd Melbourne partner, said: “There have been instances where SMEs have been the victim of a cybersecurity attack, and have gone under within six months. Business owners need to be more accountable and ensure their operations are safeguarded against an attack.
“There’s room for improvement across all sectors but particularly within the SME sector, as they don’t typically have the resources to manage should a cyber breach occur. Hackers are all too aware of this,” he said.
He noted small businesses were also lagging in cybercrime reporting due to lack of requirements to report breaches, resulting in poor records and data collection held by Australian cyber agencies.
Under Australia’s Mandatory Reporting of Data Breaches regulation, businesses with a turnover of less than $3 million per year were not required to report cyber hacks.
Meanwhile, COSBOA also found there was misconception that younger employees were more aware of cyberthreats than their older colleagues.
It said Gen Z employees (those born after 1997) were least aware of cyberthreats like ransomware and identity theft while Gen X and millennial employees in their 30s were most likely to take cybersecurity seriously.
This was important as some firms may have relied or delegated work to younger staff members on the assumption they were the most tech-savvy.
“A good first step is taking stock of who is responsible for your business’ cyber protection,” COSBOA chairman Matthew Addison said. “Don’t just assume your kids or younger employees are the safest pair of hands when it comes to online activity.”
Other recommendations to boost cyber protection were implementing cybersecurity automation solutions powered by machine learning and artificial intelligence; implementing the Essential Eight framework recommended by the Australian Signals Directorate; prohibiting apps or software downloads by employees; performing a stress test simulating a hack to identify vulnerabilities in the IT environment; and reviewing information that is collected and stored about customers over periods of time that could be deleted.
AUTHOR
Rhea Nath
Recommended for you
AMP non-executive director Kathleen Bailey-Lord and Iress non-executive director Susan Forrester have been appointed to the national board of the Australian Institute of Company Directors.
Wealth manager JBWere has announced the launch of two fixed income strategies for wholesale clients, backed by UBS Asset Management.
Firetrail Investments has confirmed the departure of four executives over the last quarter, including head of investment strategy Anthony Doyle.
Ares Management has announced a new offering aimed at providing Australian wholesale clients, investors access to its private equity investment strategies, anchored in secondary investments.
