Small and medium-sized enterprises in Australia and the UK are experiencing a surge in cyberattacks, with vulnerabilities exposed by sophisticated tactics and AI-enabled scams, prompting calls for strategic, preventive measures during Cyber Security Awareness Month.
Cyber Security Awareness Month has renewed focus on the rising cyber threats facing organisations worldwide, with small and medium-sized enterprises (SMEs) in Australia and the UK under particular scrutiny. These businesses are experiencing a surge in cybercrime incidents, exposing significant vulnerabilities that require urgent strategic shifts.
SMEs face escalating threats from increasingly sophisticated cyberattacks. Andrew Black, Managing Director of ConnectID, highlights that in Australia, a cybercrime is reported every six minutes, and the average cost to a small business now stands at approximately AUD $46,000 per incident. Despite this, only around 35% of small business leaders acknowledge feeling truly vulnerable to such attacks, even though a majority report having encountered cyber threats themselves or within their sectors. Black warns this disconnect between perception and reality leaves both businesses and their customers at considerable risk. He advocates for prioritising data minimisation—collecting and storing only essential information—to curtail the impact of breaches and foster customer trust, especially in sectors handling sensitive data.
Digital identity solutions featuring bank-verified checks exemplify this approach by enabling businesses to verify customers without retaining excessive personal data, reducing exposure and administrative burden simultaneously. However, the threat landscape remains complex and dynamic, compounded by legacy technology and the rapid integration of artificial intelligence (AI) into organisational systems. Pieter Danhieux, CEO and Co-Founder of Secure Code Warrior, emphasises the risk posed by outdated, unpatched systems, and the necessity for continuous, up-to-date security training to maintain robust defences. This continuous learning approach ensures security teams can effectively combat both established vulnerabilities and novel, AI-driven threats.
AI is not only a tool for innovation but also a weapon for cybercriminals, making attacks more sophisticated and harder to detect. Ash Diffey, Vice President ANZ at Ping Identity, points to AI-driven phishing scams as a top concern for Australians, with 42% worried about such scams but only 20% confident in recognising them. This underscores the need to move beyond traditional security methods. Diffey advocates for leveraging biometric authentication combined with verifiable credentials to place identity verification at the core of digital security, significantly reducing the success rate of these scams.
Supply chain vulnerabilities are another critical area of concern. Michael Downs, Vice President of Global Sales at SecurEnvoy, notes that software supply chain attacks and disruptions to services, such as those experienced at major airports, highlight how third-party vendors can introduce substantial risks. He stresses that compliance frameworks alone are insufficient, urging organisations to cultivate a shared security culture and proactive awareness throughout their supplier networks. Human error and inconsistent practices, especially among smaller suppliers, are often the weakest links in the security chain.
Investment in cybersecurity among businesses is growing, yet coordination and clarity remain challenges. Sam Peters, Chief Product Officer at IO, cites reports showing a 73% increase in cybersecurity spending over the past year but points out that nearly half of organisations lack comprehensive risk management frameworks. Aligning security investments with established governance standards like ISO 27001 can help ensure more effective risk mitigation and operational clarity across departments.
For organisations providing essential services, continuous monitoring and response capabilities are vital. Rob Demain, CEO at e2e-Assure, highlights that 24/7 detection and incident response planning are as crucial as preventative measures to contain threats swiftly and avoid major disruptions. He advocates embedding cybersecurity strategies firmly within business continuity frameworks rather than treating them as occasional or peripheral concerns.
A granular and vigilant security posture is necessary in today’s threat environment. Martin Jakobsen, Managing Director of Cybanetix, encourages organisations to pursue a ‘paranoid’ approach, maintaining keen awareness of small anomalies that might indicate larger attacks. Supporting this vigilance with modern identity controls, AI-driven automation, and Security Orchestration, Automation, and Response (SOAR) platforms will help businesses enhance resilience and strengthen their overall security posture.
These insights come amid broader calls to action during Cyber Security Awareness Month, an annual initiative promoted by governments and industry stakeholders to foster a culture of online safety. The Australian Government’s campaign for 2025, themed ‘Building our cyber safe culture,’ encourages practical measures to improve cybersecurity at all levels.
Rising cyber insurance uptake among Australian SMEs—up 50% in the past year—reflects growing awareness of financial risks linked to cyber incidents, from operational disruption to reputational damage. Yet, studies reveal many SMEs still underestimate their susceptibility to attacks, and a significant cyber protection gap persists, as shown by recent initiatives in the UK where SMEs have reported experiencing cyber incidents at an alarming rate.
Overall, the evidence underscores an urgent need for SMEs to move beyond reactive security spending towards integrated, strategic defences centred on data minimisation, continuous learning, identity-centric solutions, and collaborative security cultures. Only through comprehensive, coordinated efforts can this vulnerable segment manage the mounting cyber risks in an era marked by rapid technological change and sophisticated adversaries.
Source: Noah Wire Services