Proven Results
With the release of Australia's Cyber Strategy 2020, there is a clear emphasis on protecting SMEs. The 100 Point Cyber Check was designed to measure cyber risk for SMEs in Australia using a simple, straightforward instrument. Given the Strategy's focus going forward, I thought it might be instructive to look at what we know so far.
To recap - the 100 Point Cyber Check looks at a range of Yes/No answers to some common cyber requirements across technology, operations, regulation and the law. It's not expected that every company will score 100%, but you would expect that top companies with large budgets would perform the best.
Overall, the average score for the past year has been 56.9%, and it takes on average 26 mins 53 secs to complete the Check. Some specific criteria are summarised below:
Cyber budgets - 21% had a cyber budget < $1,000, 50% between $1,000 and $10,000, with 14% at $1,000,000 and above. That's quite a range!
43% had a CISO (wow!) but 57% had no one (sad).
The lowest test score was 31% (bad), the highest was 79% (outstanding). The best result was achieved with a budget of $1,000-$10,000; the worst score had a budget of $100-$1,000.
Industry sectors included IT (50%), health care (14%), financials (14%), consumer staples (21%) and industrials (7%).
So - in summary - the average SME so far is scoring just above 50%, which is not a fantastic outcome - we can and should be doing much better as a nation.
After the measures announced by the Strategy, will we see these results improve? Or will we just continue with the usual disconnection between the "Canberra bubble" and small business nationally? Our adversaries will no doubt be betting on a "business as usual" rather than a transformative approach!