Information technology firms looking to help vulnerable small businesses in the immediate aftermath of a cyberattack can now apply for $8.1 million in federal government grant funding.
Applications to administer the Small Business Cyber Resilience Service opened on Friday, offering qualified firms the chance to participate in a key pillar of the federal government’s cybersecurity plan.
The Small Business Cyber Resilience Service is marketed as a triage service, tasked with determining the damage caused by a cyber attack and the next steps for the small business target.
It arrives in a treacherous time for small businesses: some 94,000 digital crimes were reported to the Australian Cyber Security Centre over the last financial year.
The average cost to small businesses is $46,000.
The successful grant applicant will be tasked with providing person-on-person support to the affected small business during and after a cyber attack, and case management in the days and weeks afterwards.
“We want small businesses and their customers and the community to feel secure from cyber threats,” Minister for Small Business Julie Collins said in a statement.
Applications open today and close Friday, April 26, 2024.
The $8.1 million grant comes as part of the broader $11.1 million Small Business Cyber Resilience Service, with the remaining funding tied up in Treasury administrative costs.
It adjoins the $23.4 million Cyber Wardens cyber security awareness program, and the $18.6 million Digital Solutions program, a more holistic initiative to help small businesses digitise and get online.
Small business lobby shares cybersecurity wishlist
Grant applications opened just days after the Council of Small Business Organisations Australia (COSBOA), the small business lobby behind the Cyber Wardens program, shared its own wishlist with the Department of Home Affairs.
In its submission to the cybersecurity legislative reforms team, COSBOA called for specific small business protections in the federal government’s 2023-2030 Australian Cyber Security Action Plan.
Businesses that fall prey to ransomware should not face fault or penalty from the government for paying a ransom, it said.
The federal government should also consider ransomware carveout for businesses with an annual turnover below $10 million a year, suggesting those smaller enterprises be pointed to services like Cyber Wardens for guidance.
Further, small businesses should be given two years to adjust to incoming rules on the use of the Internet of Things (IoT) and smart devices, like internet-enabled appliances and sensors.
COSBOA argues that “any regulation on IoT devices should only be used as a last resort and must demonstrate a net benefit to society,” with extra compliance burdens likely resulting in higher costs for businesses and consumers.