Aussie Small Businesses Still Not Prioritising Cyber Security

Australian small businesses remain a soft target for cyber criminals, with the Ipsos‑Optus study revealing that just 40% actively prioritize security. Even as AI‑powered tools automate phishing, ransomware and credential‑stuffing attacks, many owners devote fewer than two hours each month to defenses. The data shows a stark contrast between awareness and action: one‑third have already experienced breaches, yet 60% operate without a documented response plan, and sole traders exhibit the highest vulnerability.

Regulatory pressure is mounting. The Office of the Australian Information Commissioner’s first‑ever compliance sweep, launched in January, targets sectors with high privacy risk—rental agencies, pharmacists, car dealers and similar businesses. Failure to meet OAIC’s strict privacy standards can trigger fines and reputational damage, especially when personal identification documents are mishandled. The sweep underscores that basic protections are no longer sufficient; firms must align cyber hygiene with privacy obligations across the data lifecycle.

In response, Optus is rolling out the FutureFit program, a series of free, expert‑facilitated workshops designed to demystify cyber resilience for small enterprises. The curriculum emphasizes strong password hygiene, multi‑factor authentication, and regular awareness training—practical steps that can be implemented without extensive budgets. By making resilience intentional rather than optional, FutureFit aims to shift the industry narrative from reactive firefighting to proactive risk management, ultimately safeguarding the broader Australian economy from the growing tide of automated cyber threats.