Optus launches free cyber readiness programme for SMEs

Optus has launched a free cyber readiness programme for Australian small businesses after new research found that one in three has experienced a cyber incident.

A survey of 1,000 business owners and key decision-makers found that 35% of Australian small businesses had suffered a cyberattack, while 60% did not have a cyber plan in place. More than half, 52%, said they did not believe they were a target.

The findings suggest a gap between the frequency of attacks and how smaller firms assess their exposure. On average, small businesses spend two hours a month on cyber attack prevention measures, while 20% devote no time at all.

Sole traders emerged as the most exposed group in the survey. Among them, 79% lacked a cyber response plan and 38% took no action after experiencing a cyber incident.

When incidents occurred, respondents reported operational and financial disruption. Among businesses that had experienced a cyber incident, 31% said recovery consumed time and resources, 21% reported lost productivity due to system outages, and 18% suffered direct financial loss.

Phishing and email scams accounted for 38% of incidents reported by affected businesses. Malware or virus infections made up 24%, while hackers impersonating a trusted contact accounted for another 24%.

Research findings

The survey was conducted online by Ipsos and covered sole traders as well as businesses with between two and 19 employees. The sample included about 630 sole traders and about 370 businesses with small teams.

Karissa Breen, a cybersecurity expert cited by Optus, said smaller operators were increasingly being targeted because they often had weaker defences than larger organisations.

"Cyber attacks aren't slowing down - particularly with AI tools, they're becoming more automated and opportunistic, and small businesses are increasingly being targeted as 'low hanging fruit'. While many businesses have basic protections in place, overall security practices aren't strong enough, leaving gaps attackers can easily exploit," Breen said.

The programme sits within Optus's FutureFit initiative, which is designed to help small businesses manage digital challenges. Its cybersecurity component includes workshops and online sessions open to small businesses nationwide.

The sessions are intended to provide practical guidance and help participants develop a cyber plan tailored to their business. The content covers security practices, staff skills and incident response planning.

Support gap

The research suggests many small firms recognise cyber risk but do not treat it as a business priority. Only 40% of Australian small businesses prioritise cybersecurity, despite the reported incidence of attacks.

The mismatch is particularly acute among sole traders, who often have limited time and resources and may not have dedicated IT support. The figures on response planning and post-incident inaction suggest some of the smallest operators remain vulnerable even after an attack.

Breen outlined several common weaknesses attackers look for in smaller organisations.

"Common vulnerabilities that attackers typically seek out and exploit include reused passwords, browser autofill and minor password variations. Small businesses should adopt strong password hygiene, enforce multi-factor authentication, and invest time in cyber awareness training to reduce these risks," Breen said.

Emma Jensen, executive general manager of small business at Optus, said the company wanted to give smaller firms a more practical starting point.

"Small businesses know cyber risk is real, but with limited time or expertise, many don't know where to begin. At Optus, we're helping by providing personalised, practical plans that cut through the complexity and fit each business's needs. Cyber resilience doesn't have to be hard - it just needs to be intentional," Jensen said.

The data was based on a 10-minute online survey of business owners or key decision-makers involved in cybersecurity or IT decisions.