You have 0 free articles left this month.
Register for a free account to access unlimited free content.
accountants daily logo

Cyber watchdogs ‘in the dark’ about SME hacks


A lack of mandatory reporting for businesses with less than $3 million turnover means Australia knows too little about the extent of hacking.

By Philip King 10 minute read

Small businesses are ill-equipped to deal with cyber attacks and a lack of reporting requirements means Australia’s digital security agencies are in the dark about the extent of the crime, according to HLB Mann Judd Melbourne partner Kapil Kukreja.

Mr Kukreja said the SME sector had been slow to respond to potential cyber attacks and business owners needed to be more accountable, with 99.8 per cent falling below the turnover level – $3 million – for mandatory reporting.

“The US and Europe are much more advanced in collecting data, and that’s fundamentally driven by businesses reporting any breaches to authorities,” Mr Kukreja said.

“Given 99.8 per cent of Australian businesses are SMEs, it does create a major disparity in knowing the true extent of cyber-crime across the country.”

“We have only one report which comes out of the Australian cybersecurity agencies. Nothing else.”

He said the recent Optus and Medicare breaches had increased consumer awareness of cyber-crime, but SMEs should be putting up to 5 per cent of their IT budget towards prevention and response.

“This is a guide and it will depend on a range of factors, such as nature of the business and complexity of its systems,” he said.

“Systems become complex when they are interacting with other systems, which is normally the case … So how many systems are in place, how are they connected to each other? What information is flowing from one to another?”

“There’s room for improvement across all sectors but particularly within the SME sector, as they don’t typically have the resources to manage should a cyber breach occur. Hackers are all too aware of this.”

But regardless of the type of business, it was an ongoing process.

“The key for SMEs is they need a budget set aside, along with a formal cyber strategy and cyber response plan, it’s about smart spending and it can’t be an after-thought.

“It's not set-and-forget – we need to continuously review, continuously update, because new vulnerabilities are coming day by day.”

“There have been instances where SMEs have been the victim of a cyber security attack and have gone under within six months.”

Mr Kukreja recommended the following tips for SMEs in mitigating a cyber breach:

  • Make cybersecurity the responsibility of the board and those charged with governance.
  • Implement the Essential Eight framework to raise the baseline of cybersecurity and resilience in line.
  • Implement cyber security solutions.
  • Consider and perform a stress-test – there are companies that can perform a simulated hack of a business to identify vulnerabilities in the IT environment.
  • Prohibit downloading of apps or software by all employees. Every unauthorised app or software provides an opportunity for a hacker.
  • Review how much information is collected and stored about customers and suppliers, and if anything is not required or obsolete, delete it.

 “There are well-known examples of cybersecurity breaches but it can happen to businesses of any size. And the reality is unfortunately it will happen – it’s not a question of if, but when,” he said.

You need to be a member to post comments. Become a member for free today!
Philip King

Philip King


Philip King is editor of Accountants Daily and SMSF Adviser, the leading sources of news, insight, and educational content for professionals in the accounting and SMSF sectors.

Philip joined the titles in March 2022 and brings extensive experience from a variety of roles at The Australian national broadsheet daily, most recently as motoring editor. His background also takes in spells on diverse consumer and trade magazines.

You can email Philip on: This email address is being protected from spambots. You need JavaScript enabled to view it.

You are not authorised to post comments.

Comments will undergo moderation before they get published.

accountants daily logo Newsletter

Receive breaking news directly to your inbox each day.