38% of Australian businesses are ‘extremely’ to ‘very concerned’ that they could suffer a security breach within the next 12 months. Small businesses appear less concerned, with only 21% extremely/very concerned and, alarmingly, 15% not concerned at all.
Fewer than half (41%) of the businesses affected are aware of the upcoming changes to the Privacy Act that will make it mandatory to report certain data security breaches. Only 1 in 5 small businesses said they were aware of the changes.
Only 40% of Australian businesses have implemented six or more of the Australian Signals Directorate Essential 8 (ASD8) strategies to mitigate cyber security incidents and just 18% reported implementing all 8. Worryingly, 12% of small businesses implemented none.
A risk and management assessment should be the starting point for any security journey, but only 56% of Australian businesses have done so. Businesses recently assessed are more likely to be concerned about their security because they have a better understanding of their risks.
Small businesses see technology as the biggest vulnerability in their information security, but larger organisations have a more balanced understanding of the risks across their people, processes and technology.
While 84% of businesses are aware of printing-related security threats, only 4 in 10 businesses have their printers secured. Small businesses are less aware of printer security issues, with 31% not aware of the risks vs. 5% of larger businesses.
Only 56% of Australian businesses have a documented internal IT security/cyber security policy for employees, with only 55% investing in security training. Small businesses are even less likely to have these protection strategies in place.
The most common security incidents in the last 12 months were viruses, spam, malware/spyware, phishing and ransomware. On average, it took 24.7 days to detect a data breach.