Actuaries Institute stresses need for SME cyber defenses

Large corporations reinforced cybersecurity, whilst many SMEs remain behind.

Small-to-medium-sized businesses (SMEs) in Australia face increasing risks from costly cyberattacks unless they receive enhanced support to strengthen their cyber defences, a recently released paper by the Actuaries Institute said. 

Authored by actuary Win-Li Toh, with Dr. Michael Neary and Sarah Wood, the paper, “Cyber Protection Gap Widens for SMEs”, highlighted a growing disparity in cyber preparedness between large Australian corporates and the nation’s 3 million SMEs. 

The authors argue that bridging this “cyber protection gap” requires ongoing collaboration among government, insurers, tech providers, and SMEs.

Toh notes that recent high-profile cyberattacks have prompted large corporations to enhance their cybersecurity measures, but many SMEs have not followed suit. 

She attributes this to SMEs’ limited capacity to address complex cyber risks, with many deterred by technical language and high costs. 

Additionally, some SMEs mistakenly believe they are too small to attract cybercriminals, unaware that a significant cyber incident could threaten their business's survival.

Cybercrime reports in Australia rose by 23% in 2022-23, totalling 94,000 incidents, with the average cost for a small business increasing by 15% to $46,000. 

Toh, who will serve as Actuaries Institute president in 2025, stresses the need for concerted efforts to close the SME cyber protection gap, noting that 62% of SMEs reported experiencing a cyberattack.