Canberra forecast 5,400 small business cyber health checks, but only 35 happened

Despite the federal government expecting over 5,000 cyber health checks of Australian small businesses, only 35 have happened so far.
Written by Chris Duckett, Contributor on

When it announced its Cyber Security Strategy in 2016, the Australian government set aside AU$136 million for numerous activities, including a threat information-sharing portal, increasing the government's cybercrime intelligence and investigation capabilities, and grants to small businesses to boost their security.

More than three years after it made the announcement, the Department of Industry, Innovation, and Science has laid bare in responses to Senate Estimates questions on notice how few small business cyber health checks were completed.

"Based on the available funding, the government forecast up to 2,400 Small Business Health Check services in year three of the Strategy (2018/19) and 3,000 services in year four of the Strategy (2019/20)," the department said.

"The program was demand driven, and 35 subsidised Small Business Health Checks were completed."

In answering what percentage of the nation's small businesses have been serviced under the program, the department unsurprisingly said the number was "negligible".

The Small Business Health Check, which provided for testing by an accredited vendor of the Council of Registered Ethical Security, was launched on 3 December 2018. 16 businesses used the check as of June 30, with the remaining 19 checks occurring in this fiscal year before it closed, the department added.

To May 5, 181 businesses accessed the Free Self-Assessment Check.

Since the creation of AustCyber in January 2017 to be the nation's cyber growth network, the organisation has engaged with over 650 companies including over 280 of the nation's cyber companies, the department said.

Responding elsewhere, the Australian Sports Anti-doping Authority said it is currently operating in a "heightened state of alert in response to the current threats". ASADA said it is currently investigating a "sophisticated" spear phishing attack. It is the second time the authority has been hit by such an attack, with incidents occurring in November 2018 and November 2019.

"There is no indication that ASADA's security has been breached at any time," it said.

Related Coverage

'No such thing' as cyber warfare: Australia's head of cyber warfare

Warfare is warfare, espionage is internationally normal, and cyber is just one of a suite of potential capabilities for a military response, says Major General Marcus Thompson.

Telstra calls for Australia to undergo national cyber stocktake

Telco also wants repeat of 2016 ASX 100 cyber check survey.

Newly formed CyberCX scoops up two of Australia's cyber heavyweights

Former Optus Business MD John Paitaridis and government cyber veteran Alastair MacGibbon join the new company backed by private equity firm BGH Capital.

Renewed calls for dedicated Australian cyber minister and cyber leadership

Australia's cybersecurity is too important to struggle along with part-time attention, say submitters to the Cyber Security Strategy 2020. The public no longer trusts the government's computer skills.

Australia as concerned about cyber Bond villains as state actors

Nation has a capability gap relating to economy-wide cyber attacks, the Department of Home Affairs has said.

Editorial standards