30 March 2025
A cyberattack occurs every 6 minutes, with financial losses for small businesses averaging around $49,000. But the potential for reputational damage and losing the trust of your customers is one of the biggest impacts we hear about from small businesses.
So, what should you do if you experience a cyberattack? Who do you tell? And how can you prevent one in the first place? The answer depends on the type of data the criminal has accessed, and expert advice is needed.

Common cyberattacks facing small and family businesses:
Business Email Compromise
Ransomware
Hacking social media accounts
The free Small Business Cyber Resilience Service is a national scam, identity, and cyber support service to help Australian small businesses (with 19 or fewer employees). It is provided by IDCARE and funded by the Commonwealth Government.
As each cyberattack is unique, the way you respond should be tailored to the specific incident and in accordance with any legal requirements.
For example, if the attack results in the exposure of valuable data, you may be required to report it to the Office of the Australian Information Commissioner. Additionally, if your business is covered by the Privacy Act 1988 (Cth), you’ll need to comply with the requirements of the Notifiable Data Breaches scheme.
If you’ve experienced an incident, IDCARE will connect you with an expert case manager who will assess your situation and provide advice on what you should do. This will include a step-by-step response plan tailored to your needs.
The Small Business Cyber Resilience Service also offers free expert cyber advisors who can check your devices for compromises and remove malicious elements.
For further details on small business cyberattacks, see the Queensland Small Business Commissioner website.