Published on the 09/11/2023 | Written by Heather Wright
Cost key factor as revenue-driving activities take priority…
Small businesses across Australian and New Zealand are cutting back on their cybersecurity spend as they battle inflationary pressures and declining customer spend, with more than half saying cybersecurity is just too costly.
The cuts, revealed in a study commissioned by Mastercard, come despite the report suggesting that up to 132,000 Kiwi small businesses and an estimated Australian small businesses have experienced ‘cybersecurity issues’ in the last two years. Of those impacted 29 percent of Kiwi companies and 33 percent of Australian, said they had experienced financial loss as a result of the cybersecurity issues.
“It can be difficult for them to upskill in an area which is table stakes for businesses big and small.”
Those surveyed were well aware of the cybersecurity issue, with more than half saying they worried about the risk of attacks, but with nearly two-thirds of respondents across A/NZ actively trying to scale down business costs amidst the cost-of-living crisis, cybersecurity is taking a lower priority to revenue increasing activities.
Cybersecurity was ranked the lowest concern in both countries, behind customer acquisitions, client relationships and growth.
Small businesses are the backbone of the economy for both countries, but Ruth Riviere, Mastercard New Zealand and Pacific Islands country manager, says as they continue to focus on post-pandemic recovery and growth, tackling cybersecurity may often feel like a big fish to fry for SMBs.“As data breaches and cybercrime pose real financial and reputational risks, it’s more important than ever for small business owners to educate themselves on cyber security,” adds Malika Sathi, Mastercard SVP for cyber and intelligence solutions and digital identity for Australasia.
“While the research suggests the large majority are taking some kind of action to protect their businesses, tackling the issue can often feel a little like trying to boil the ocean,” she says.
Jackson Henry agrees. He’s a 17-year-old Australian ethical hacker who rose to fame in 2021 after being one of the Sakura Samurai ethical hacking and security research team who discovered and reported a misconfiguration in the United Nation’s systems exposing more than 100,000 UN staff records.
If organisations as large as the UN, with all its might and funding, can be exposed, Henry is concerned for smaller organisations who don’t have the time or resources to invest in the software and training required to insulate themselves from phishing, malware and ransomware attacks.
“I’ve worked with businesses of all sizes, all around the world, and the pitfalls are relatively similar across the board,” Henry says.
“However, for small businesses, they often don’t know where to start and lack the time, resources and budget of larger organisations, making it difficult for them to upskill in an area which is table stakes for businesses big and small.”
Certainly, A/NZ SMBs pointed to cost, followed by the lack of knowledge of available solutions and the existing threats, along with resource as key barriers to cybersecurity.
On both sides of the Tasman, small business owners said they’d make more of an effort to put security features in place if they were aware of all the cybersecurity risks, while 65 percent of Kiwi SMBs and 68 percent of Australian, felt they would benefit from simple cybersecurity resources to get them started.
In fact, 66% of small business owners say they would make more of an effort to put security features in place if they were aware of all the cybersecurity risks, while 68% feel they would benefit from simple cybersecurity resources to get them started.
Globally, Cybersecurity Ventures estimates the cost of cybercrime will hit $8 trillion in 2023 with more than half of the attacks are targeted at small and mid-sized companies.
“Volume over value is the MO of these threat actors,” Henry says. “They care about automating as many attacks as possible.”
To reduce the risk of attacks, Henry is recommending businesses spruce up their cyber hygiene, invest in anti-virus software and back up data regularly. Increasing employee training and devising cyber security policies can also play an important role, he says.
Mastercard has teamed up with Henry to educate small businesses on common cybersecurity vulnerabilities and provide easy to understand, actionable insights to better secure their systems via a 10-part video series.
Available on Mastercard’s YouTube and social channels the series covers 10 of the most common vulnerabilities along with ‘clear, cost-effective and achievable actions’ business owners can take, including implementing multi-factor authentication, updating software regularly, limiting access rights, enhancing email filtering and developing a cyber security policy and incident response plan.