21st May, 2024
Three out of five medium-sized businesses have experienced a cyber attack or cyber incident, according to our new research.
This rose to 81% for respondents in finance and insurance, 68% in wholesale and 62% in the business, professional and property industry.
The survey of 500 mid-sized Australian businesses (20-500 FTEs and $5 million+ revenue) found 83% of respondents have undergone a cyber security upgrade or cyber training in the last two years, and 84% say they feel prepared for a cyber event or attack.
Peter Wolski, Head of Information and Cyber Security at MYOB, said while it’s encouraging to see a high percentage undergoing cyber upgrades and training, there is a risk this could lull mid-sized businesses into a false sense of security.
“Cyber security should be top of mind for businesses of all sizes, but the mid-market often represents a tipping point where the threat can become particularly critical,” Peter says.
“Many in the mid-market are scaling rapidly and may have outgrown the solutions they implemented as a smaller business.
“As a business grows it also becomes more important to set formal processes and policies in place for all employees to follow.
“The survey findings suggest that mid-market leaders know the importance of cyber security, and the majority are keeping on top of best security practice, however the threat is very real and while 84% say they feel prepared for a cyber event or attack, businesses shouldn’t get too comfortable, especially as cyber criminals get more sophisticated.”
Medium businesses (20-199 employees) contribute one fifth (21%) of Australia’s gross domestic product (GDP).
According to the Australian Signals Directorate’s Cyber Threat Report 2022-2023, the average cost of cybercrime for medium businesses over that year was $97,200.
This is higher than the average reported for small businesses at $46,000 and large businesses at $71,600.
“Cyber security should be top of mind for businesses of all sizes, but the mid-market often represents a tipping point where the threat can become particularly critical.”
— Peter Wolski, Head of Information and Cyber Security at MYOB
The top three cybercrime types for businesses were email compromise, business email compromise fraud and online banking fraud.
Technology advancements in areas such as Generative AI are also making it easier for cyber criminals to craft more sophisticated messages that might dupe businesses.
“All the benefits that Gen AI brings in terms of automation and intuitive communication unfortunately also helps those who might be looking for security vulnerabilities,” Peter says.
“It’s more important than ever to be vigilant, as it’s not as easy to immediately identify scam communications.
“In addition to increased threats as bad actors improve their technology, businesses are feeling the pinch with costs going up and consumer spending down.
“The last thing business owners want or need is to be involved in a cyber incident and it’s imperative to stay on top of the security required as a business grows.”
Information provided in this article is of a general nature and does not consider your personal situation. It does not constitute legal, financial, or other professional advice and should not be relied upon as a statement of law, policy or advice. You should consider whether this information is appropriate to your needs and, if necessary, seek independent advice. This information is only accurate at the time of publication. Although every effort has been made to verify the accuracy of the information contained on this webpage, MYOB disclaims, to the extent permitted by law, all liability for the information contained on this webpage or any loss or damage suffered by any person directly or indirectly through relying on this information.