22nd July, 2024

Low cybersecurity preparedness leaves SMEs vulnerable

New research shows that most small and medium-sized businesses (SMEs) don’t have plans in place for a cybersecurity incident.

A significant number also say they are unconcerned about cyber threats — despite the potential for serious impacts on business operations. 

MYOB’s 2024 Business Monitor — a nationwide survey of 1000+ SME owners and decision-makers — reveals that more than half (57%) of New Zealand’s SMEs do not have processes in place to manage a cybersecurity breach.

Just 38% of business owners and operators surveyed said they have established procedures for dealing with a cyber incident, while 6% of those surveyed were unsure of their processes. 

However, the findings highlighted that cyber preparedness increases with business size.

Fifty-seven percent of businesses with 20+ employees reported having processes in place to handle a breach, compared to 35% of those with 1-5 employees, and 47% of those with 6-19 employees. 

Cybersecurity for SMEs

Businesses left exposed

While nearly half (49%) of SME owners and decision-makers said they are concerned about the cybersecurity of their business, 47% are either not at all or not very concerned about their cyber preparedness levels. Peter Wolski, General Manager of Reliability and Security at MYOB, explains that they should be.

“Many SMEs mistakenly believe they are too small or inconsequential to appeal to cyber criminals; however, this is often not the case,” Peter says.

“This thinking can leave these businesses exposed as easy targets for malicious activity and the consequences of cyber breaches can be severe for all involved, including business owners, their employees, and their customers.” 

Never too late to get prepared

More than a quarter (28%) of SME leaders surveyed in MYOB’s Business Monitor said they have been targeted by malicious activity such as malware, online scams, hacks, phishing, or ransomware.  

Peter says that it’s crucial business owners explore and understand how to keep safe online, and set up robust cybersecurity practices to protect them in case of a breach. 

“While it can be tough to step away from day-to-day business tasks, setting aside time now to assess your business’ key assets and apply the National Cyber Security Centre’s (NCSC) recommended protections, such as software updates, multi-factor authentication and backups, will ensure business owners and their teams are protected and ready to respond if or when an incident happens,” he says.

“In high-stress situations, plans allow everyone to think clearly and work through the necessary steps, starting with reporting malicious activity to the NCSC’s CERT NZ.” 

Once business owners have processes in place, Peter explains that the next step is initiating a proactive, always-on approach, testing and identifying any weaknesses before they manifest.  

“Ensuring your business’ cybersecurity is solid and resilient is a never-ending process — unfortunately there’s no finish line as cyber criminals adapt and technology evolves at a rapid pace. With cybersecurity, prevention is always more effective than treatment,” he says. 

“If getting up-to-speed feels overwhelming, prioritise any specific business needs and implement the most pressing changes first.

“Another good way to kick off the process is by accessing the support available through the NCSC’s Own your Online website.

“This hub offers a range of resources to help SME owners keep their business safe in the digital world, including an online security assessment tool to prepare a customised action plan.” 

Ongoing education crucial

For those keen to improve their cyber readiness, Peter shares a few key areas SME leaders can focus on to increase their level of protection: 

  • Keep software updated on all devices  
  • Adopt multi-factor authentication (MFA) and use passphrases 
  • Set up automatic data back-ups  

“Ongoing education for both business owners and employees is a key component of proactive cybersecurity,” Peter says.

“Everyone in the team should know how to protect themselves and identify red flags such as potential scams or online phishing.  

“Maintaining good cyber safety is everyone’s responsibility, and a unified, vigilant approach is your best defence.”  

