Australian federal government announces cybersecurity support for SMBs

The Australian federal government announced an $18.2-million investment to help small and medium businesses to improve cybersecurity resilience and response to cyber-attacks. The support is part of the forthcoming 2023-2030 Australian Cyber Security Strategy, expected to be released this week.

According to the Australian Small Business and Family Enterprise Ombudsman, there are more than 2.5 million small businesses in Australia, making it 97% of all businesses, with medium businesses making 2.5% of all businesses and large enterprises 0.2%.

To allow businesses to undertake a free, tailored self-assessment of their cyber security maturity, $7.2 million will be put towards establishing a voluntary cyber health check program. This health check can be used to determine the strength of their cyber security measures, and access educational tools and materials they need to upskill, according to a joint announcement by Minister for Cyber Security Clare O'Neil and Minister for Small Business Julie Collins.

Although details have not been provided, the government also said that SMBs with higher risk exposure will have access to "a more sophisticated, third-party assessment to provide additional security across national supply chains."

The remaining $11 million will go towards the Small Business Cyber Resilience Service that aims to provide one-on-one assistance to help small businesses navigate their cyber challenges, including walking them through the steps to recover from a cyber-attack.  

"Uplifting the cyber security of our small businesses is integral to a cyber secure and resilient nation, and this dedicated support will make a huge difference in their preparedness and resilience,” O'Neil said in a statement.

In her X (formerly Twitter) account, O’Neil said the total investment in SMBs was $41.6 million. The $23.4 million difference has now been clarified by the Department of Home Affairs as something previously announced as part of the federal government budget and it will go to the Cyber Wardens program, which is expected to support approximately 20,000 small businesses over the life of the program.

Concerns for SMBs' cybersecurity

Last week, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) announced a step-by-step business continuity plan for business to maintain communications and continuity of critical applications following a cyber incident.

The instructions are better suited for small to medium-sized organisations (10-300 people) who require an interim ICT solution to deliver minimal services. Professionals with a basic level of computing knowledge would be able to implement the communications package but the applications package requires someone with intermediate level of knowledge of cloud services.

Australia's cybersecurity strategy

After the three major cybersecurity breaches that put most of the Australian population on alert around their data and personally identifiable information that was stolen and, in some cases, published on the dark web, the then-new federal government rushed to take charge of the cybersecurity issues the country has been facing for years.

 In February 2023, the government launched a discussion paper seeking public views that would be used to help the appointed expert advisory board to develop the country's new cybersecurity strategy.

More than 200 submissions were received during the consultation period that ended on 15 April.

In mid-September, O’Neil revealed the first plan for the strategy which included six cyber shields with the goal to educate citizens and businesses, invest in cyber skills and collaborate with national and international partners.

At the time, the National Office for Cyber Security was led by the national cybersecurity coordinator. That was the job of Air Marshal Darren Goldie from 3 July until 15 November when he was "recalled" to deal with a workplace matter related to his time in Defence and then was on leave. Department of Home Affairs deputy secretary of cyber and infrastructure security Hamish Hansford was appointed interim national cyber security coordinator.