Cyberattacks on small business
Cyberattacks are common. According to the latest report from the Australian Signals Directorate, one occurs every six minutes, with the financial losses for small businesses averaging around $49,000. But financial loss isn’t the only concern – there’s also the potential reputational damage with your customers and suppliers.
Not all cyberattacks are created equal
A cyberattack is a broad term that refers to a deliberate attempt by criminals to steal sensitive data, disrupt operations, cause damage to systems, or gain unauthorised access. Most cyberattacks are financially motivated.
Common cyberattacks facing small and family businesses
- Business Email Compromise – One of the most common cyberattacks targeting small businesses is where a criminal gains unauthorised access to your business email account. They now have access to all your emails which could include sensitive information about you or your clients. Worse, the criminal could impersonate you or send emails from your account to customers or suppliers containing malware or fraudulent bills.
- Ransomware – Another common attack where a criminal gains access to your device and installs malicious software. You try to open your device and find that your files are inaccessible. You’ll then receive an extortion message demanding payment (often in cryptocurrency) to regain access to your files or threaten leak your data if you don’t pay.
- Hacking social media accounts – Criminals are also increasingly targeting small business social media. Once they’ve gained access, they can pretend to be you and send all your customers messages that may contain malware or lock you out and demand money to hand back control!
Who can help you?
The free Small Business Cyber Resilience Service is a national scam, identity, and cyber support service to help Australian small businesses (with 19 or fewer employees). It is provided by IDCARE and funded by the Commonwealth Government.
As each cyberattack is unique, the way you respond should be tailored to the specific incident and in accordance with any legal requirements.
For example, if the attack results in the exposure of valuable data, you may be required to report it to the Office of the Australian Information Commissioner. Additionally, if your business is covered by the Privacy Act 1988 (Cth), you’ll need to comply with the requirements of the Notifiable Data Breaches scheme.
If you’ve experienced an incident, IDCARE will connect you with an expert case manager who will assess your situation and provide advice on what you should do. This will include a step-by-step response plan tailored to your needs.
The Small Business Cyber Resilience Service also offers free expert cyber advisors who can check your devices for compromises and remove malicious elements.
Prevention is key
We know that most small businesses are time-poor. You don’t want to spend time dealing with a cyber incident, which is why the Small Business Cyber Resilience Service also provides guidance on how to prevent one from happening in the first place.
By completing the Privacy and Cyber Health Check, IDCARE cyber advisors can assess your current security measures. You can also book a one-on-one advisory session where our experts will guide you through additional protective measures tailored to your business. This can save you time, money, and stress!
Find out more about this service at idcare.org/smallbusiness.
To discuss your situation, and get connected with people that can help, reach out to our Assistance team.
Small Business Case Studies
Leaking Roof Disputes in a Commercial Lease
In the 2025/26 financial year the Queensland Small Business Commissioner (QSBC) held mediations for multiple cases involving leased commercial premises with leaking roof issues. In each of those disputes the circumstances, the lease agreements, the strategies to resolve the issues, the parties’ relationships and ultimately the outcomes were all different.
Struggling to Pay Rent on Your Commercial Lease
If you’re finding it hard to pay rent on your commercial lease, you’re not alone. Many small businesses face this challenge, and while it can feel overwhelming, there are steps you can take to address the situation. Help is also available to guide you through this process.
Understanding the Return of a Commercial Lease Bond in Queensland
When a commercial lease ends, one of the final matters to resolve is the return of the bond or other lease security. In Queensland, there’s no central authority for holding commercial or retail lease bonds — unlike South Australia, where bonds are lodged with the Small Business Commissioner, or New South Wales, which operates a Retail Bond Scheme. Instead, how lease securities are held and returned in Queensland is determined by the lease agreement between the landlord and tenant.
Check out our Fact Sheets
