Human Error: An Overlooked Cyber Risk for SMEs!

As cyber risk continues to grow for Australian small businesses, one area of risk that often goes unnoticed is human error. While technology and systems are crucial components of cybersecurity, employees play a vital role in safeguarding data and preventing breaches.

The Role of Human Error in Cyberattacks

"Human error is a huge source of cyberattacks and data breaches," says Brad Miller, General Manager and Co-Founder of BizCover, Australia’s leading small business insurance platform. "Many malicious attacks, like ransomware and system hacks, start with someone making a simple mistake."

Data collected by the Office of the Australian Information Commissioner (OAIC) supports this view. Between January 2021 and June 2024, 25-33 per cent of breaches reported to the OAIC were attributed to human error, peaking at 41 per cent during the July to December 2021 reporting period.

Employees as the First and Last Defence

A business’s employees are often its first and last line of defence against cyberattacks. However, many SMEs are lagging in providing adequate cybersecurity training for their staff. Only 38 per cent of small businesses surveyed by Cyber Wardens reported that their staff receive cybersecurity training, and 53 per cent "can’t recall a time cybersecurity has been discussed in the workplace."

The Importance of Cyber Education

Cyber education should be a fundamental part of any SME's cybersecurity plan. Cybercriminals are adept at finding the weakest links in an organisation, and all too often, employees are their way in. Phishing, the third-most reported scam to ScamWatch in 2024, relies on individuals making a mistake or poor judgment call.

"You get an email that appears to be from someone you trust—your boss, a supplier, your commercial landlord. They ask you to click a link, verify login details, or transfer money to a new account. Except the email is not from them; it’s from a cybercriminal ready to use those details to steal data, money, or both," Miller explains.

Phishing and other social engineering attacks may also play on the receiver’s emotions, creating a false sense of urgency and hoping you’ll act before verifying the information in the message.

Comprehensive Cybersecurity Measures

While cyber training is essential for SMEs, it’s only one part of a robust cybersecurity plan. Other measures, such as employing multi-factor authentication (MFA), eliminating shared passwords, and patching software immediately, are also key to protecting a business’s data.

The Role of Cyber Liability Insurance

Cyber Liability insurance can be crucial in helping small businesses manage cyber risk and cyberattacks. The financial support and resources provided by Cyber Liability insurance can be critical following a cyber incident.

"Cyber incidents are often expensive, creating unplanned bills related to investigating the cause of a breach, restoring data, and notifying affected customers," says Miller. "A Cyber Liability policy can help small businesses handle these costs. They also offer 24-hour incident response services that connect business owners with all-important resources to help minimise the damage and get back to business as usual as quickly as possible."

The latest figures released by the Australian Signals Directorate (ASD) reveal that the average cost of cybercrime for small businesses was $49,600 in FY24—an 8 per cent increase from the previous financial year. Furthermore, the Cyber Wardens survey found that 31 per cent of those surveyed had low or no confidence in their ability to find help after a cyberattack, and 39 per cent strongly doubted that they could recover after an incident.

Conclusion

Human error is a significant but often overlooked cyber risk for SMEs. Cyber Liability insurance can play a critical role in protecting small businesses, alongside cyber education and preventative security measures. A policy may give SMEs added peace of mind and confidence that they can successfully manage and recover after a cyberattack.

Cybermate is committed to supporting small businesses by providing high-quality cybersecurity solutions and educational resources. Together, let's create a safer, more secure digital environment.