Brought to you by:

COVID fails to jolt cyber-naive SMEs

The COVID-19 pandemic and work-from-home repercussions have failed to jolt SMEs out of their cybercrime complacency with many remaining “clueless” about the risks, Cameron Research has warned.

The firm says regular discussions with SMEs show that those concerned about cyber security a year ago are likely to be more concerned now, while those that weren’t concerned a year ago are still not concerned.

MD Ross Cameron says generally SMEs have given little consideration to the increased cyber threat exposure from employees using personal equipment in home environments, with many managers pre-occupied by other business issues.

“Very few businesses, especially at that smaller end of the market thought about that,” he told insuranceNEWS.com.au today. “They just hadn’t joined the dots.”

Mr Cameron says qualitative research conducted over several years shows many SMEs believe they are not on the radar for cyber criminals, and it’s an issue for large companies and government organisations.

“People say to me ‘if they are going to hack anyone, they would hack NASA, I am just a boutique business with half a dozen people’,” he says.

“There is a level of naivety around that, but the biggest problem is the blissfully unaware, those that just haven’t thought it through at all.”

Broad categories when it comes to cyber awareness include micro businesses that think they are not at risk, or that banks, cloud providers or other suppliers have the issue covered; micro businesses that are tech savvy and recognise cyber security as important; and medium sized firms that see it as a key part of their operations that they need to manage.

Mr Cameron says insurance brokers have a role in raising the subject with SMEs as part of wider risk management discussions, even if a suitable policy is not available.

“Whether it’s a risk which can or cannot be insured, they should still be having that conversation with their clients,” he says.

The Australian Cyber Security Centre (ACSC) receives about 144 reports of cybercrime a day, or one every 10 minutes. Report Cyber data indicates annual losses of $300 million.

The ACSC, which in December launched a campaign urging Australians to strengthen cyber defences, has advised of extra risks from working at home, and says COVID-19-related phishing scams were rife last year.