Almost a third of New South Wales small businesses have been victims of cybercrime, but they believe having a limited web presence limits their exposure, according to a new study from the Office of the NSW Small Business Commissioner.
Out of 1400 respondents, 50% limit their digital exposure to a business website with contact details and social media, believing they're less exposed to cybercrime that way.
Only one fifth of respondents use cyber insurance to protect their business from incidents, and only 10% considered cybercrime a number one priority.
They are also more averse to selling products online - 20% of businesses have an eCommerce strategy.
Robyn Hobbs, NSW Small Business Commissioner, says online business is about taking risks into account.
“Doing business online can open up huge opportunities but small businesses need to take full account of the risks – for example something as simple as using email every day or taking a phone call can present a big cyber security risk to any business,” she explains.
Two thirds of respondents believe they are well-informed about cybercrime risks and 80% said they could respond to a security breach.
Hobbs says that the 80% of SME owners seem confident they could respond to a security breach are more confident than most companies listed on the ASX.
“Going digital can be a fantastic way of growing your business but there's no room for complacency - the risks are real and we're encouraging small businesses to be aware and stay safe,” Hobbs says.
Overall, SMEs rank cybercrime as the fifth biggest risk to their business.
Respondents did state explicit areas of concern, including email fraud, social media hacking, online banking fraud, malware and crypto-ransomware.
“They also want help when it comes to tackling cybercrime – more than 90 percent said they needed risk management tools to assist in protecting them from cybercrime,” Hobbs says.
However, 75% of them were influenced by their own experience rather than advice from a specialist, such as a lawyer or accountant.
The study found that 60% of SMEs consult IT forensic consultants; 40% consult Google; 35% consult the police; and 34% consult Government.
“Some simple ways for small businesses to manage cyber risks to their business include educating and training staff, continuously updating software, using two-factor identification for emails and payments, encrypting important customer files,” Hobbs concludes.