Small business owners could be putting their businesses at risk by relying on younger family members or employees to manage their cybersecurity.
A new survey has found two-thirds of Australia's small business owners believe tech-savviness equates to cyber-safety skills.
But our first generation of digital natives, Gen Z (born between 1997 and 2010), are among the least cyber safe in the country.
The survey found members of Gen Z were most likely to rate cyber security as a low or medium threat to small businesses they owned or were employed in.
They also struggled more than other groups to identify and prevent some of the most common cyber attacks faced by small businesses, such as identity theft, malware attacks, and ransomware.
According to the survey, the safest pair of hands in the small business community appear to be those Gen Xers and upper Millennials in their 30s, who are the most likely group to take cyber security seriously.
Small businesses increasingly targeted
The survey was conducted for the Council of Small Business Organisations Australia (COSBOA) for its Cyber Wardens initiative.
In October, COSBOA announced a plan to launch a Cyber Wardens pilot program as a new resource for Australia's small businesses to learn how to protect themselves from cyber threats and scams, which cost the economy an estimated $29 billion a year.
It made the announcement in the midst of some of Australia's worst data breaches, which targeted Optus and then Medibank.
When those attacks happened, cybersecurity experts warned the hacks left customers of those businesses vulnerable to identity theft and financial scams, and they criticised Australia's large companies for not taking data security seriously enough.
But academic research also shows small businesses are facing their own problems because they are increasingly becoming attractive targets for cyber criminals but lack the resources of larger companies to combat them.
COSBOA says it will roll out its free Cyber Wardens program across the country this year for Australia's small businesses.
Ahead of the launch, it asked 89 Degrees East to survey small business owners and employees to gauge their attitudes to cyber threats and measure their competencies around cybersecurity.
COSBOA said the survey results contained a warning.
It found members of Gen Z were among the least cyber safe, lacking the awareness and key competencies of cybersecurity compared to their older colleagues.
Of all the age cohorts, Gen Xers and upper Millennials in their 30s are the most likely to take cybersecurity seriously.
Older cohorts are also more familiar with cyber security risks than Gen Z.
Overall, COSBOA says only one in five small business owners and employees are confident in their ability to prepare for (23 per cent), fight (21 per cent) and recover from (21 per cent) a cyber threat.
It says the survey results also show small business owners should not rely on younger family members or employees to prepare their business against cyber attacks and other security problems.
"A good first step is taking stock of who is responsible for your business's cyber protection," COSBOA's chairman Matthew Addison said.
"Don't just assume your kids or younger employees are the safest pair of hands when it comes to online activity."
What is the Cyber Wardens program?
The Cyber Wardens program has been developed in partnership with the Commonwealth Bank (CBA), Telstra, and the Australian Cyber Security Centre (ACSC).
According to the ACSC, 43 per cent of all Australian cyber crime is directed at small businesses.
COSBOA says it wants the program to become Australia's first cyber-safety workplace certification for the small business sector.
Under the program, participants will be trained based on the ACSC's Essential Eight mitigation strategies and be empowered to:
- Learn about common cyber threats that could impact their business and keep their cyber safety knowledge up to date
- Act as a cyber champion to help uplift the safety of the business, its employees and help protect their customers
- Promote better practices for managing safer pass phrases across small business
- Implement cyber-safety standards in their workplaces
- Help small businesses have a risk mindset with how they run their business
- Have knowledge about where to get further support and report cyber threats
What about the survey?
The research was conducted by 89 Degrees East on behalf of COSBOA, with the findings drawn from a survey of more than 2,100 business owners and employees (564 business owners and 1,553 employees).
The survey was conducted from November 2 to December 7, 2022.
It was conducted online with participants sourced from a commercial opt-in research panel and through COSBOA member organisations.
The sample was recruited with quota management to reflect population profiles for gender, age and location.
89 Degrees East said the survey was developed following an initial literature review to ensure the research was building on existing data on cybersecurity views and experiences.