Image credit: Institute of Digital Health

Small businesses will gain access to a new cybersecurity “health check” program and tailored assistance to help them recover from cyber attacks, under a new $18.2 million plan from the federal government.

Announced on Monday, a new $7.2 million scheme will provide small businesses with a free self-assessment kit to help them determine their risk profile and the steps needed to prevent a potentially devastating cyber attack.

Additionally, $11 million in funding will go towards the Small Business Cyber Resilience Service, a new initiative that will help SMEs combat and recover from cyber attacks when they occur.

In a statement, Small Business Minister Julie Collins said small businesses, which comprise the vast majority of private enterprises, are at the “centre of our efforts to tackle cybersecurity threats”.

The new efforts were welcomed by Luke Achterstraat, CEO of the Council of Small Business Organisations Australia, who said cyber attacks against small businesses are estimated to cost the economy $2 billion a year.

“Small business owners and employees are time-poor and often inadequately prepared for cyber threats,” Achterstraat said in a statement.

“These programs open the door for small businesses to have the cyber conversation, receive a diagnosis and be referred to appropriate courses of action.”

Australian Small Business and Family Enterprise Ombudsman Bruce Billson shared similar praise for the measures.

“These announcements will provide the type of concierge-style support we have advocated for”, he said.

Separate from the new measures, COSBOA operates the Cyber Wardens scheme, a training plan designed to help small business leaders identify digital threats and take steps to protect their businesses.

That scheme earned $23.4 million in federal government funding under the 2023-2024 budget.

The new measures come one day before the Albanese government is expected to release its much-touted cybersecurity strategy, plotting out the next seven years of Australian defenses against mounting digital threats.

On Sunday, it was revealed the scheme will establish a mandatory post-incident reporting system, ensuring businesses that fall victim to digital attacks share information with regulators.

The scheme will reportedly operate on a no-fault basis, with investigators steering clear of separate law enforcement proceedings and regulatory efforts.

It will run through a single online reporting portal, Cyber Security Minister Clare O’Neil told The Australian.

Achterstraat said it was important businesses subject to the incoming reporting requirements do not face additional compliance burdens.

“Small businesses require ease-of-use, and for reporting obligations to exist all under the one roof,” he said.

“Only with reduced red tape will small businesses be able to understand and execute their reporting responsibilities.”