Designed in collaboration with the Department of Prime Minister and Cabinet, the survey received over 1700 responses, and delivers a baseline understanding of the level of cyber security practices and knowledge among Australian small and medium businesses.
In October 2019, the ACSC used preliminary findings to launch the flagship ACSC Small Business Survey. These findings also informed several Step-by-Step Guides which provide small businesses with direct instructions on how to increase their cyber security.
Since publicly announcing the preliminary findings and results in October 2019 as part of the Australian Cyber Conference, the ACSC continues to deliver a substantial suite of evidence-based cyber security guidance. The complete Small Business Report provides a comprehensive insight into Australian small businesses’ challenges, levels of understanding, and practices when it comes to cyber security.
Today, a number of new publications, including five Step-by-Step Guides and one addition to the Quick Wins Series, have been released by the ACSC in conjunction with the release of the Small Business Survey Report.
Results of the survey demonstrate:
- Cyber security incidents cost Australian businesses an estimated $29 billion every year.
- 72 per cent of businesses that had previously experienced a cyber incident, thought it likely or almost certain to experience another one in future.
- Nearly 50 per cent cannot or will not spend more than $500 on IT security annually.
- In the event of a cyber incident, 87 per cent of businesses believed they could regain normal operations immediately or within a few days
- Nearly 90 per cent of small businesses are seeking to understand and manage cyber security threats.
- One in five small businesses that use Windows have an operating system that stopped receiving security updates in January 2020.
- Nearly one in five Mac users were unaware of what operating system their business was using.
- Nearly one in ten were unable to explain cyber threat terminology such as Malware, Phishing, Ransomware, or Insider Threats.
- Only 3 per cent of sole traders outsource their own cyber security, compared to 35 per cent of businesses with 5-19 employees.
- Businesses who outsourced their IT security might believe that they are better protected than they really are.
- This was supported by the fact that a large proportion of businesses who had outsourced their IT security had low implementation of the Essential Eight Mitigation Strategies.
- Australian small business underestimate their recovery time from a cyber security incident.
- The most common barriers identified in the survey for small business owners to implement good cyber security practices are:
- Lack of dedicated IT staff
- Complexity & self-efficacy
- Planning & responding
- Underestimating risk of cyber security incidents
Action-oriented publications informed by survey results are available on the website and include:
- The ACSC Small Business Cyber Security Guide
- 11 Step-by-Step Guides including backups, automatic updates, and two factor authentication.
- 3 Quick Wins Series publications, including portable devices, websites, and end-of-support.
- Rapid development of COVID-19 guidance for small businesses, ensuring Australian small businesses remained cyber resilient to evolving threats as they adapt to operating remotely during the pandemic.
Key findings from the survey also inform our engagement with small business and industry representatives and state and territory government bodies as we collaborate to tailor advice specifically for the Australian small business sector. More Step-by-Step Guides are currently in production, and the ACSC will continue to expand and tailor guidance informed by the Report for the Australian small businesses sector.