If you asked any small business owner in Australia for the number one concern that keeps them up at night, very few of them would say the threat of cybercrime. Talent acquisition, new business acquisition, and funding are often the most common challenges for small businesses. And it’s easy to see why; business leaders deal with these things daily, so naturally, they’re top of mind.

But imagine a $46,000 bill comes out of the blue. It would be insurmountable to nearly every small business — enough to sink an organisation or cause a serious financial headache to those able to withstand it. 

That $46,000 is now the average cost of cybercrime for a small business. As 2023 saw a 23% surge in reports of cybercrime in Australia, now is the time for small business owners to consider their cyber protection as an investment in continuity. In 2024, businesses must prioritise improving their cybersecurity defences and bringing cyber threats to the top of their list of concerns.

Cybersecurity is now as important as cash flow for any small business

The unfortunate truth is that SMEs are often cybercriminals’ primary targets. Why? Because they are often the most unprepared and unprotected against cyberattacks. 

Almost half of SMEs rate their understanding of cybersecurity as 'average' or 'below average.’ As a result, small businesses have some of the most preventable security vulnerabilities and weaknesses. 

In an analysis of over 1,000 Australian SMEs, Coalition found a staggering three in four (75%) Australian SMEs use non-secure internet connections, almost half (45%) use non-secure email services, and nearly one in four (24%) have insufficiently configured an email security system or do not have one at all. 

Due to limited human and financial resources, these businesses are often incompetently set up to reduce these vulnerabilities, configure their security protocols, and defend themselves against cyber-attacks. SMEs have a significantly lower level of cyber maturity capability than medium and large enterprises. 

As organisations worldwide generate more data and depend on internet-connected resources than ever, it is mission-critical for SMEs to invest in their security. But with limited resources, high-cost security programs are out of reach. Fortunately, there are lower barriers to entry to secure cyber insurance.

‘Active’ cyber insurance: a new approach to protecting Australian small businesses

While some small businesses may have previously considered cyber insurance or even taken out a policy, these policies were likely developed based on historical approaches to insurance that were not built for the modern age. Therefore, it’s no surprise that only 20% of Australian SMEs have a dedicated cyber insurance policy.

However, small businesses should revisit engaging a policy as a new type of cyber insurance called ‘active’ cyber insurance has entered the Australian market.

Active cyber insurance is a new approach tailored specifically for small businesses in the 21st century. Unlike traditional insurance, active cyber insurance involves a proactive approach to risk management, using technology to assess an organisation’s risk and determine its premium. That means the premium directly correlates with a company’s cyber profile — not just its industry or size — and reflects improved security controls.

Active insurance also means when an attacker inevitably breaks into a company’s systems, an in-house claims team will be on standby to ensure the business quickly recovers from an incident and returns to normal operations.

By combining assessment, protection, and response, active cyber insurance helps small businesses understand their cyber weak spots to improve their defences and, ultimately, help prevent attacks. Premium aside, it’s insurance that just makes sense.

Making cybersecurity a top business priority

Heralded as the backbone of the economy, SMEs can do more to lead the change and adopt a proactive approach towards cybersecurity before an irreversible attack. With cyber breaches becoming more prevalent and threat activity increasing, small businesses must stay ahead of cybercriminals and adapt to the digital age.

Cybersecurity must be top of mind to help businesses avoid an unexpected $46,000 bill. Dedicated cyber insurance is one way for these organisations to lower their risk and take their cybersecurity defences into their own hands — and active insurance helps them prevent an attack before it can cause considerable damage.

By Sam Weaver, general manager, Coalition Australia