November 28, 2025

SMEs, Australia Is Getting Hot On the Radar - And So Should Your Cyber Defences

If you think “We’re too small to matter” when it comes to cybercrime — think again.

ASD’s latest Annual Cyber Threat Report 2024-25 makes it crystal clear: small and medium businesses across Australia are being heavily targeted, and the financial and operational risks are climbing fast. As more SMEs depend on digital tools and online processes, you’re no longer just a potential target — you may already be one.

The Numbers You Shouldn’t Ignore

  • Over the past year, the Australian Cyber Security Hotline got 42,500+ calls, up 16% from last year — that’s about 116 calls every day.
  • The ACSC responded to 1,200+ cyber security incidents, an 11% increase from 2023-24.
  • 84,700+ cybercrime reports were made — that’s roughly one report every 6 minutes.
  • For small businesses: the average financial cost per cybercrime report jumped 14% to about A$56,600. For medium businesses, the cost rose ~55%, and for large businesses it skyrocketed ~219%.
  • Ransomware remains a top disruptor. The ACSC responded to 138 ransomware incidents in 2024-25.
  • Denial-of-Service (DoS / DDoS) attacks spiked, with over 200 incidents, a 280%+ increase over last year.

In short: cybercrime is frequent, costly, and getting more aggressive — even toward “smaller fish.”

Why SMEs Are Being Targeted

  • Growing digital reliance – As businesses use more cloud platforms, remote access, and third-party services, there are simply more entry points for attackers.
  • Credential theft and reuse – Cybercriminals are buying stolen usernames and passwords on the dark web, then using them to break into business accounts.
  • Ransomware + data theft = double whammy – Attackers don’t just encrypt data; they often steal it first and threaten to release it unless you pay.
  • State-sponsored attacks – It’s not just random criminal gangs. Government-backed threat actors are targeting Australian businesses, critical infrastructure and governments for espionage, disruption or future destabilisation.
  • Rising use of AI by criminals – Cyber gangs are starting to use generative AI to scale up phishing, produce fake content, bypass defences, and automate credential harvesting.

If your business holds any valuable data — client info, financial records, IP, or even just the ability to keep trading — you need to assume you’re on someone’s radar.

What SMEs Should Do Right Now — The “Small Biz Cyber Resilience Checklist”

ASD strongly recommends that businesses adopt a mindset of “assume compromise” — and then focus on protecting what matters most.

Here’s what you can do this week / month to lower your risk and better protect your business.

Easy “Hygiene” Steps Anyone Can Do
  • Use strong, unique passwords or passphrases, and never re-use them for different accounts.
  • Enable Multi-Factor Authentication (MFA) everywhere — email, admin portals, cloud services, financial platforms, etc.
  • Keep devices and software up to date. This includes operating systems, apps, firmware, and any internet-connected devices.
  • Back up important data regularly, and store backups offline or in a secure cloud vault so they’re not vulnerable to ransomware.
  • Be alert for phishing, smishing, or social engineering attempts. Train staff (especially anyone who works with email / invoices / finance) to recognise suspicious links, attachments, or unusual requests.

ASD says these simple defences could prevent the majority of cyber incidents reported last year.

For a More Robust Cyber Posture (the “Big Four Moves”)

For SMEs with growing digital footprints, consider taking more structured steps — especially if you handle customer data, have third-party vendors, or want to keep sensitive systems safe. The ACSC recommends four strategic areas:

  1. Implement strong logging and monitoring
    • Use security logging tools — like SIEM or SOAR — so you can spot anomalous activity early.
    • Proper event logging is the first line of defence to detect, investigate, and respond to a breach quickly.
  2. Replace legacy IT / outdated tech
    • Older systems often lack security support, making them a favourite entry point for attackers.
    • If you’re still running unsupported software, old servers, or outdated devices — that’s a risk you don’t need.
  3. Manage third-party / supplier risk
    • If you rely on vendors (e.g., cloud services, software providers, outsourced IT support), treat them like part of your attack surface.
    • Ensure they follow good security practices, and that you have clear visibility of who has access to what.
  4. Prepare for the future (post-quantum cryptography readiness)
    • It may sound technical, but the basic idea is to start thinking about how quantum computing will impact encryption in the coming years.
    • For many SMEs, this will be a longer-term piece — but worth planning for, especially if you handle particularly sensitive data.

What This Means for Opal Logic Clients — And Why It Matters

At Opal Logic, we help SMEs stay lean, efficient and future-ready. But “lean and efficient” shouldn’t mean “exposed and vulnerable.”

If you’re running a small to medium business, now is the time to get serious about your cyber hygiene. The financial and reputational costs are real: an average of A$56,600 per cybercrime report for small businesses, and potentially much more if the attack involves data loss, downtime, or breach of client data.

By adopting just a few common-sense measures — MFA, backups, patching, monitoring — you can dramatically reduce your risk. For clients using our services, we should be thinking about how to bake those defences into your systems and operations as standard.

Final Thought

Cyber risk isn’t just a “big business problem” anymore. It’s an everyday business problem — especially if you rely on digital services, online tools, or third-party vendors.

The 2024–25 Annual Cyber Threat Report is a strong warning: attacks are ramping up, costs are rising, and SMEs are in the crosshairs. But the good news is that you don’t need to be a big organisation with a huge security budget to defend yourself. With a few straightforward steps — many of them low-cost or free — you can greatly reduce your threat surface and make it much harder for attackers to get in.

At Opal Logic, we believe in practical, effective security — and we’re here to help you build it into your everyday business operations.

The information in this blog post was summarised from the Annual Cyber Threat Report 2024–25 by the Australian Signals Directorate. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is the Australian Government’s technical authority on cyber security.

You can read the full report here: https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2024-2025