New research from Optus has pointed out the major gaps and potential risks that small businesses in Australia face when it comes to cyber security and digital threats.
Optus found that 60 per cent do not have any cyber-security plan in place, while businesses spend an average of just two hours a month on prevention. One in five devote no time at all.
“Cyber attacks aren’t slowing down – particularly with AI tools, they’re becoming more automated and opportunistic, and small businesses are increasingly being targeted as ‘low-hanging fruit’,” cyber-security expert Karissa Breen said.
“While many businesses have basic protections in place, overall security practices aren’t strong enough, leaving gaps that attackers can easily exploit.”
Of these small businesses, sole traders were found to be the most at-risk group, with the large majority (79 per cent) reporting having no cyber-security response ready and 38 per cent taking no further action if an incident has previously occurred.
Among businesses that have experienced an attack, nearly a third said the biggest cost is the time and resources required to recover, while 21 per cent report productivity losses caused by system outages and 18 per cent suffer direct financial damage.
Phishing and email scams, unsurprisingly, account for the most incidents at 38 per cent, followed by malware and virus infections, and then hackers impersonating trusted contacts.
“Common vulnerabilities that attackers typically seek out and exploit include reused passwords, browser autofill, and minor password variations,” Breen said.
“Small businesses should adopt strong password hygiene, enforce multifactor authentication, and invest time in cyber awareness training to reduce these risks.”
Optus commissioned this research alongside the launch of the FutureFit program, its new program to support small businesses in navigating the cyber-security space, which provided free workshops for small businesses to learn and develop their cyber-security skills.
Emma Jensen, executive general manager of small businesses at Optus, commented: “Cyber resilience doesn’t have to be hard – it just needs to be intentional.”
The findings come amid growing concerns that Australian businesses may be unprepared for increasingly sophisticated cyber attacks and fraud. The Australian Securities and Investments Commission (ASIC) last week warned that the misuse of artificial intelligence (AI) models could expose cyber-security vulnerabilities at an unprecedented speed, scale, and sophistication.
In an open letter to the finance industry, ASIC called on all licensees and market participants to urgently strengthen their cyber-resilience measures, as frontier AI intensifies the global cyber-risk environment.
“The rapid evolution of frontier artificial intelligence models marks a significant shift in the cyber threat landscape,” the letter stated.
“These models are accelerating both capability and accessibility... enabling new forms of exploitation that were previously out of reach for most actors.
“Whether an entity faces a basic phishing attempt or a more sophisticated cyber attack, the underlying cyber risk management principles of govern, protect, detect, respond remain the same.
“Appropriate cyber risk management starts at the leadership of licensees and participants. Boards and executives must ensure systems are tested, weaknesses are addressed early and that action is taken before threats can be exploited.”
ASIC has put forward 12 steps that could help licensees bolster their defences.