New research shows it's time to rethink cyber resilience from the ground up
Cyber security isn’t just a problem for big corporations. According to the Cyber Wardens’ Small Business Cyber Security Pulse Check, 48% of Australian small businesses feel unprepared to deal with a cyber attack. Yet despite this, many continue to underestimate their risk. A gap that cyber criminals are increasingly exploiting.
Small and medium-sized enterprises (SMEs) make up more than 97% of Australian businesses. They power our economy and support local communities, but many are operating with limited resources, tight budgets, and minimal cyber training. That makes them easy targets.
The cyber basics are still being missed
The Cyber Wardens report reveals a concerning picture: while more than half of small business owners say they’re confident in their cyber security, fewer than 1 in 5 are across basic protective measures like multi-factor authentication or secure password practices.
Even more striking, 45% don’t think their business is a target for cyber crime at all.
This mismatch between confidence and reality is exposing businesses to serious consequences. A successful phishing scam, ransomware incident or data breach can cause reputational damage, business downtime, lost customer trust and financial stress. In some cases, it can mean the end of the business altogether.
Emerging risks like AI-generated scams are also raising the stakes.
The Cyber Wardens’ latest research on AI warns that many small businesses are unaware of how tools like deepfakes, AI-generated phishing emails, and even voice cloning used in vishing (voice phishing) are making attacks harder to detect and respond to. New forms of AI-powered attacks, such as vibe-coding - where attackers mimic tone, emotion, and context to build trust - are further complicating the threat landscape, highlighting the need for ongoing training and awareness.
Cyber resilience is as much about leadership as it is about IT.
Cyber security is no longer just an IT problem. It’s a business-critical issue that impacts every part of an organisation, from operations to reputation. That means owners, managers, and frontline teams all have a role to play.
Building a cyber-resilient culture starts with simple, practical steps:
- Regular staff training to spot scams and suspicious activity
- Strong, unique passwords and two-factor authentication
- Keeping software up to date and regularly backing up data
- Having a plan in place for how to respond if something goes wrong
SMEs don’t need to do this alone. Resources like the Cyber Wardens training program make it easy for small businesses to upskill teams quickly - no jargon, no tech degree required.
How Canberra is helping SMEs stay secure
As Australia’s cyber capital, Canberra is uniquely positioned to support SME cyber resilience. Through the Canberra Cyber Hub and its growing network of partners, small businesses have access to:
- Practical cyber awareness workshops and events
- Tailored security readiness assessments
- Local service providers who understand SME needs
- Guidance on emerging threats like AI-driven scams
- Support navigating compliance, regulations and risk management
Canberra’s cyber ecosystem is focused on global solutions with local impact.
Whether you're running a retail store, managing a small consultancy, or growing a startup, cyber security needs to be part of your business strategy - not an afterthought.
Cyber security is small business security
The good news? With the right support, Australian SMEs can turn today’s risks into tomorrow’s resilience. By embedding basic cyber hygiene, building team awareness, and tapping into expert help, small businesses can protect what matters most - their people, their customers, and their future.
