With more businesses becoming digitised and instances of cyber-crime on the rise, new research has revealed that nearly
a quarter (24%) of SMEs have been a victim of a cyber-attack or malicious cyber activity.
Of those SMEs who have been targeted by malicious cyber activity, nearly half (49%) said they had experienced a phishing
attack, 44% had been targeted with malware, and a quarter (25%) had experienced a ransomware attack.
The findings, which were uncovered in the MYOB Technology Snapshot, also highlighted that most SMEs are taking basic
precautions to protect themselves online.
Nearly three quarters (74%) of those polled said they have anti-virus protection, 60% said they have firewalls in place
in their business, and more than a third (37%) have two-factor authentication. However, just 27% of SMEs have had
specific staff training to protect the business and themselves from scammers or online phishing.
MYOB Senior Sales Manager SME – Krissy Sadler-Bridge, explains that while technology can provide SMEs with protection
from cybersecurity threats or attacks, security programs aren’t the only option for businesses.
“Learning how to be cyber-safe and how to identify red flags should become regular, essential training for business
owners and all employees,” says Krissy. “Starting with the basics, such as creating unique passwords, backing up data
and ensuring the business has two-factor authentication is important, but understanding what to look out for as
different types of cyber-attacks evolve, is key.”Business repercussions
The experience of cybercrime is also having large repercussions for SMEs, their employees and their customers. More than
two-in-five (42%) SMEs who had experienced a cyber-attack said their private files were accessed and 30% revealed that
their customer or client data was made available on the dark web.
“Being a victim of a cyberattack can be incredibly scary, particularly if private documents get accessed or personal
threats are made,” says Krissy Sadler-Bridge. “Even beyond the impact to an SMEs’ business and customers, going through
these experiences can also affect the wellbeing of employees involved.”
“Preparing for worst-case scenarios by having plans in place to report suspicious behaviour immediately, or a list of
people to call should the business encounter an attack – like the Computer Emergency Response Team (CERT NZ) or even the
police – can help ensure a business moves swiftly and correctly to respond to any attack before it has an even bigger
impact.”Mitigating risk
When MYOB asked SME owners and decision makers whether they had any preventative and reactive cybersecurity processes in
place, just over half (54%) of those surveyed said they did, while more than a quarter (28%) did not and the remaining
18% didn’t know.
Actively monitoring for cyber security threats also isn’t happening as often as it could be. While this could perhaps be
due to a reliance on their security technology, only 19% said they check and update their security measures weekly,
while 18% check this monthly and one-in-10 (10%) do this every 4-6 months. Nine percent of SMEs said they check and
update their cyber security protection measures every few days.
“Regularly reviewing the business’s cyber security protection is essential to spotting any gaps in the software, or
important updates or bug-fixes that the program may have released. As SMEs are in control of a lot of private
information, continuously monitoring and testing safety measures will help ensure they are getting the best possible
coverage,” says Krissy.
“What’s also concerning when it comes to business protection, however, is that more than a quarter of SMEs (27%) said
they didn’t know if their business was covered for cyber-attacks under their current business insurance policy. While
there are no shortage of costs SMEs need to manage to run their business with insurance being one of these, having the
right protection in place here could save them thousands of dollars in the long run, so I’d strongly encourage any
business owner to check in with their broker or provider about this.”Improving preparedness
To help boost knowledge and confidence levels around cyber security and preparedness, the insights showed that SME
owners and decision-makers are eager for more education around cyber security to protect their business.
Nearly a third (32%) of SMEs said more education on the types of cyber security threats affecting businesses and what to
look out for would be most beneficial, and 30% said they would benefit from more education on how to plan and prepare
for a cyber security incident.
Krissy Sadler-Bridge says bringing in cyber-safety specialists that offer training could be extremely useful for
businesses, especially since many SMEs see education as a tool that could be beneficial to their business.
“As scammers and hackers are becoming increasingly sophisticated, regular training on new cybercrime techniques could be
key to keeping them at bay. There are a number of specialists that operate programs where the training sees them target
a business with fake scams or phishing attacks, to see if employees can identify malicious activity and understand how
they would respond. Running through real-world scenarios might seem intimidating, but they can really help identify
strengths and weaknesses in an organisations’ response.”
Any SMEs looking to report cybercrime or malicious activity should contact CERT NZ either via the online reporting tool: https://www.cert.govt.nz/report-an-issue/ or by calling 0800 2378 69.