A quarter of Australia’s small and medium businesses (SMBs) would not survive the financial and reputational damage of a privacy breach.
Research by global technology platform Zoho found that 79.6 per cent of Australian SMBs said that the breaches at Australian organisations such as Medibank, Optus and Telstra have influenced their views on privacy concerns, with 64.8 per cent taking action to improve their protections.
Vijay Sundaram, Chief Strategy Officer at Zoho, said data privacy is one of the defining issues for the business community today and that unfortunately, while awareness and concern are increasing, action is not.
“According to our research, the majority (59.4 per cent) of small and medium businesses understand that they’re just as susceptible to a breach as big businesses. However, that is still failing to translate into action; an issue that could become exacerbated with so many SMBs unprepared for proposed regulatory changes or the impact of a breach in the first place.”
The Australian Cyber Security Centre (ACSC) received over 76,000 cyber-crime reports in the 2021-22 financial year, a 13 per cent increase compared to the year before, representing one report every seven minutes.
Only 51.8 per cent of respondents believe that their business understands its requirements in accordance with The Privacy Act 1988, which concerns the collection, use, storage, and disclosure of personal information.
Two-thirds of SMBs collect data about their customers and website visitors, which would bring them under the jurisdiction of the legislation. However, 41.4 per cent had not communicated with their clients about the data they collect, and one in five did not realise they had a responsibility to do so.
Matt Koopmans, CEO and Founder of Aurelian Group, said there are many SMBs who think they’re too small to be at risk and aren’t making any efforts to protect their business or their customers.
“Regardless of upcoming legislation and consumers becoming more concerned about their data privacy, small businesses should ask themselves: ‘Does the data I collect have value for my business and my customers?’. If it doesn’t add value, it adds cost and risk. What you don’t keep, can’t be stolen.
“Only if the answer is ‘yes, this information is of value to my business operations’, small businesses must reduce risk for both them and their customers; have a clear policy outlining what client data is to be retained, what software or services are sanctioned to be used that can access that data.”
Koopmans said that businesses shouldn’t use software that they don’t trust, and should be vigilant in vetting the vendors they do engage, educate their staff about best practice, communicate openly with their customers and put in place plans and policies to guide their response to a breach.