Despite growing cyber awareness, SMEs remain stuck in their cybersecurity efforts
Despite businesses across Australia having more awareness of cyber threats, efforts to combat these threats are hampered by a lack of action being taken by the country’s small-business community.
This is according to the latest State of Trust report, the annual report on security and compliance by trust management platform company Vanta.
The report revealed that cybersecurity threats are now the top concern for 52 per cent of Australian business and IT leaders — more than operational risk (41 per cent), financial risk (40 per cent) and brand reputation damage (30 per cent). More so, 58 per cent have shared that security risks for their organisation have never been higher.
However, only 44 per cent of small Australian businesses (1–50 employees) say they have a dedicated security budget, and 66 per cent feel confident in their team’s ability to show the impact of their security program on the business. In addition, 62 per cent of Australian organisations believe their security and compliance measures need improvement, even though businesses across the board are spending on average nine working weeks per year to become compliant.
Jonathon Coleman, APAC general manager for Vanta commented, “After two years of major cyber breaches hitting the Australian headlines, Australian businesses are waking up to the very real idea of cyber threats. But awareness is only half the battle. Action is the other half — and as larger businesses invest more in their own cyber protection, the vulnerabilities left in the defences of small businesses become only more apparent to attackers, who tend to be opportunistic in nature.”
Coleman added, “Compliance is a major step forward in improving cybersecurity, but historically the amount of time and effort organisations needed to put into compliance has been prohibitive. But we’re in the AI age now, where organisations can automate a large amount of compliance work, which helps make it less of a check-box exercise and more of a strong ongoing security measure that helps drive business.”
Vanta’s report also uncovered the changing attitude towards compliance within Australia’s businesses, with 66 per cent now recognising that a more efficient approach to security and compliance will positively impact the business through better time and cost-savings and 63 per cent acknowledging that good security practices will result in higher customer trust.
Paul Hawkins, chief information security officer at CipherStash, commented, “Not taking cybersecurity seriously enough can be a business-ending decision for a startup that’s early on its journey. These types of businesses often don’t have the level of trust relationship with their customers that bigger businesses have, and so it’s vital to build and protect that precious trust because that’s what helps drive future business growth.
Hawkins added, “There are three practical things I’d suggest to all startups looking at cybersecurity for the first time. First is to identify what you have. Understand what service providers you’re using, where you’re storing your data and customer data, and get visibility into your IT assets. Secondly, get your identity foundations in place. Centralise your systems around an identity provider, and reduce the number of long-lived login credentials to make it easier to revoke access whenever you need. And finally, use managed services for security to get visibility and security capabilities without having to build and operate those systems yourself.”
This story was originally published on Inside Small Business
Comment Manually
You must be logged in to post a comment.
No comments