Sixty per cent of Australian small businesses were targets of cyber breach attempts or security incidents in the past year, and 87% would consider paying in the event of a ransomware attack, according to a survey of more than 1400 IT professionals.

Researcher and cybersecurity specialist ESET’s president of Asia-Pacific and Japan Parvinder Walia says small businesses must understand that paying cybercriminals “only perpetuates further cybercrime”. 

“Instead, they should focus on implementing proactive measures to prevent cyberattacks,” he said. “Although small businesses are confident in their security measures and IT expertise, a majority still faced cybersecurity incidents over the past year.” 

Only half of those surveyed are using vulnerability and patch management software.

Mr Walia says paying a ransom does not guarantee data will be recovered and may breach Australian sanctions and criminal laws. 

Instead of paying ransoms, targeted businesses should immediately seek help from authorities and their cybersecurity providers, and utilise resources such as the No More Ransom initiative, which provides tools to recover data without paying criminals.

ESET is an associate partner of the initiative and has contributed decryption tools.

About 86% of survey respondents are highly confident in their security systems, but 42% expect a rise in cybersecurity spending over the next 12 months.

More than one-third outsource some of their cybersecurity responsibilities to a third-party service provider, while almost one-quarter manage cybersecurity in house and do not plan to outsource. About one-fifth intend to outsource some or all aspects of cybersecurity in the next year.