Cyber attacks impact 60% of mid-sized Australian businesses

A recent survey by business management platform MYOB has revealed that three out of five mid-sized Australian businesses have experienced a cyber-attack or cyber incident. The research highlighted that the frequency of such incidents rises notably in certain industries, with 81% of respondents in finance and insurance, 68% in wholesale, and 62% in the business, professional, and property sectors reporting attacks.

The survey, which included 500 mid-sized Australian businesses with 20 to 500 full-time employees and revenues exceeding AUD $5 million, found that 83% of respondents had implemented cyber security upgrades or undergone cyber training within the last two years. Additionally, 84% indicated they felt prepared for a potential cyber event or attack.

Peter Wolski, Head of Information and Cyber Security at MYOB, pointed out that although the high percentage of businesses undertaking cyber security measures is encouraging, there is a risk that these businesses could become complacent. "Cyber security should be top of mind for businesses of all sizes, but the mid-market often represents a tipping point where the threat can become particularly critical," Wolski stated.

He added that as mid-sized businesses scale up, they often outgrow previously implemented solutions, necessitating formal processes and policies for all employees. "While survey findings suggest that mid-market leaders understand the importance of cyber security, and the majority are maintaining best security practices, the threat remains very real. Businesses should remain vigilant, especially as cyber criminals grow more sophisticated," he noted.

Mid-sized businesses, defined as those with 20 to 199 employees, contribute a significant 21% to Australia's gross domestic product (GDP). The Australian Signals Directorate's Cyber Threat Report for 2022-2023 indicated that the average cost of cybercrime for medium businesses during that year was AUD $97,200, higher than the averages for small businesses at AUD $46,000 and large businesses at AUD $71,600. The most common types of cybercrimes reported were email compromise, business email compromise fraud, and online banking fraud.

The report also pointed to the increased sophistication of cyber-attacks, partly driven by advancements in technology such as Generative AI. While Generative AI offers benefits through automation and improved communication, it also provides tools for cyber criminals to develop more convincing fraudulent messages that could deceive businesses. Wolski stressed the importance of heightened vigilance, as scam communications are becoming harder to identify at a glance.

As businesses grapple with rising costs and decreased consumer spending, the necessity for robust cyber security measures becomes even more pronounced. The consequences of a cyber incident can be significant, and mid-sized businesses, in particular, must ensure they stay ahead of evolving threats to protect their operations.

The MYOB survey, conducted by Dynata, included a nationally representative sample of 593 business owners and senior decision-makers from mid-sized businesses across Australia. The data collection took place between 22 March and 15 April 2024, with quotas maintained across various industry sectors to obtain a reliable and diverse cross-section of the mid-market landscape.