The State of Cybersecurity at Australian SMEs in 2020 - Securitybase

The State of Cybersecurity at Australian SMEs in 2020

In my line of work, I have interacted with hundreds of small and medium-sized businesses (SMEs), and, based on my experiences with them, I decided to explore the state of cybersecurity at Australian SMEs. Cybersecurity is a crucial element of any business and should always be standard practice. Unfortunately, I found that many SMEs choose to forego proper cybersecurity and cyber hygiene.



Why Increased Cybersecurity is Crucial for SMEs

Cybercrime is a constant worry for any business and especially worrisome for SMEs. With less money and power to implement large-scale cybersecurity, SMEs are at high risk for cybercrime and attacks. Large corporations can include IT departments, chief information security officers, staff awareness programs, and more in their budgets - programs and people that SMEs usually cannot afford.

Large corporations implement information security management systems (ISMS) to protect their data and assets, which is a costly but often necessary addition to their businesses. The cybersecurity threat to SMEs is rapidly increasing because they do not have the resources, funds, or knowledge to add the same level of security as large corporations.

The Current State of Cybersecurity in SMEs

I held a questionnaire about cybersecurity among 102 SMEs across six states and 15 industries.

Some of the SMEs included in the questionnaire are quoted below:

“I have a Mac, so I do not need any antivirus software.”

“Nobody will hack me; I’m just a small business.”

“I thought I was safe. I panicked when all my files were suddenly gone.”

The startingly revelation that their small business was not as safe as they once thought has affected countless SMEs throughout Australia. Indeed, 91% of the interviewed businesses experienced some form of cybercrime in the past year, and 31% of them were impacted by cybercrime in the past three years. The average financial impact was more than $1,000, and 16% of the SMEs interviewed had a cost of more than $10,000.

Amazingly, 19% of the 102 businesses questioned felt that they were not vulnerable to cybercrime, and 39% felt better prepared than other companies.

It’s not entirely clear why so many SMEs choose not to make cybersecurity a priority. However, I found that most SMEs get their cybersecurity information from news media (36%), professional networks (28%), consultants (26%), and social media (22%), while only 16% get their information from trusted government websites.

Other Research Findings:

  • Only 10% of the SMEs interviewed have cyber insurance.
  • 61% of the SMEs claim that they are well-informed about cybercrimes while only 19% use a VPN when connecting to public Wi-Fi.
  • 60% (Your infographic says 40) of the businesses spend less than $1,000 on cybersecurity, and 20% spend nothing.
  • 62% of the SMEs are not familiar with government initiatives aimed to curb cybercrimes.


    Cybercrime is not viewed as a serious crime by most businesses. For those Australian SMEs that wish to increase their security measures, most lack the knowledge on how to protect themselves, and government initiatives to counteract SME cybercrimes have gone largely unnoticed by SMEs. Small and medium-sized businesses are extremely vulnerable to cyberattacks, and the vast majority have no defenses in place.

    What does the future hold for Australian SMEs? It’s hard to tell. Hopefully, new and more widely spread education campaigns will come out and make a difference.

    Back to blog