Despite cyber security being a key concern for Australian businesses, smaller companies lack dedicated security budgets.
New research has revealed that Australian small businesses are in trouble when it comes to cyber security, with only 44 per cent of companies with fewer than 50 employees having a dedicated security budget.
Trust management firm Vanta’s State of Trust report shows that despite the fact that 58 per cent of Australian businesses rate cyber security threats as their main concern, smaller firms are struggling.
Only 66 per cent of small companies are confident they can explain the impact of any security programs on their businesses, while AI is an even greater challenge, with just 13 per cent of small businesses auditing AI models to comply with data privacy regulations.
Another alarming figure from the report is that 43 per cent of Australian businesses face cyber threats on a more-than-weekly basis.
According to Jonathon Coleman, Vanta’s APAC general manager, “Australian businesses are waking up to the very real idea of cyber threats”, but only larger businesses are able to adequately prepare for a cyber incident.
“But awareness is only half the battle. Action is the other half – and as larger businesses invest more in their own cyber protection, the vulnerabilities left in the defences of small businesses become only more apparent to attackers, who tend to be opportunistic in nature,” Coleman said.
“Compliance is a major step forward in improving cyber security, but historically, the amount of time and effort organisations needed to put into compliance has been prohibitive. But we’re in the AI age now, where organisations can automate a large amount of compliance work, which helps make it less of a check-box exercise and more of a strong ongoing security measure that helps drive business.”
Paul Hawkins, chief information security officer at CipherStash, has some advice for smaller companies, particularly start-ups.
“There are three practical things I’d suggest to all start-ups looking at cyber security for the first time. First is to identify what you have. Understand what service providers you’re using, where you’re storing your data and customer data, and get visibility into your IT assets,” Hawkins said.
“Secondly, get your identity foundations in place. Centralise your systems around an identity provider, and reduce the number of long-lived login credentials to make it easier to revoke access whenever you need.
“And finally, use managed services for security like AWS GuardDuty or Vanta to get visibility and security capabilities without having to build and operate those systems yourself.”
Vanta’s State of Trust report is based on research done during July and August 2024 and responses from 2,500 IT and business leaders from Australia, the UK, and the US.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.