Garth Hamilton (Groom, Liberal National Party) Share this | Hansard source

Cyberattacks are no longer only the concern of very large global corporations. Increasingly, we're seeing small regional businesses fall victim to malware and ransomware attacks. Last year the Australian Signals Directorate and the Australian Cyber Security Centre received more than 60,000 cybercrime reports. That's one every eight minutes—an extraordinary number.

A quorum having been called in the House of Representatives—

Sitting suspended from 13:02 to 13:07

There's a concerning trend in the increase in cybercrime we're seeing, and it can have a devastating impact on mum-and-dad operations. I know of one panelbeating workshop in my electorate of Groom which had its files seized and was forced to buy bitcoin to get its digital property back from hackers. It's a cross it certainly could have gone without along with the downtime required to get its systems back online, which was an added pain. This answers, in a way, a similar question to that asked in the title of a song by the Smiths: how small is small? We're talking about very small businesses. In many of these cases, the businesses are single operators with a computer but without much training, and certainly most are having their first interaction with bitcoin. But this changing face of cybercrime victims is a very important reality for Australia to address. It's an issue that no longer belongs on the extremes of either big business or vulnerable grandparents clicking on things they should ignore. Small businesses are no longer a secondary concern of cybercriminals, but in many cases are being specifically targeted, the size of the payday being of less importance than the ease with which it can be won.

I know many small-business owners feel this couldn't happen to them or that the cost of implementing cybersecurity measures just isn't worth it. I'm here and the previous speakers are all here to say that it does happen, and the average cost of recovering from cybersecurity incidents starts at around $10,000. But, realistically, usually it's far more. Unfortunately, attacks only have to be successful that one time to cause tremendous damage: money, valuable client information and years of data are able to be swiped in just a matter of minutes. If anything, the increasing move towards working from home during the pandemic has multiplied the risk we face, with employees often working from unsecured networks, particularly in small businesses, instead of the centralised protected location they previously enjoyed. But while this is a new frontier for regional businesses, I'm proud to say that we already have a number of operators leading the way in cybersecurity in the Toowoomba region.

I had a fantastic opportunity to take Minister Karen Andrews to see some of them during a visit to my electorate in May this year. I know she was very impressed with the calibre of innovation that was on display. Toowoomba prides itself on taking a punt on new technology, and this is certainly true in the field of cybersecurity. One such project is FKG Group's Pulse Data Centre, which is the first large-scale data centre outside of a major capital city in Australia. It's a magnificent facility that speaks to the future of Toowoomba's regional economy and its ambition to be a bit more of a big city. The centre supports corporate customers, small to medium businesses, governments and international technology giants.

Toowoomba is a perfect location for this centre because it can cater intimately and personally to small businesses who have these needs. It has the added physical security of being located outside of a capital city. We have a low threat level. Any natural disaster that impacts Brisbane is unlikely to affect us on top of the hill, or the other side of the hill in this case. The centre also offers strong data security, because Pulse Data Centre is 100 per cent Australian owned. It ensures all data stored in the centre is covered under Australian laws. This is an important issue in an internationally fluid environment.

Another important player in this space in the Toowoomba region is Heritage Bank. We were able to show the minister the cybersecurity measures they use to keep their customers' financials safe. It's clearly an issue they take very seriously. I commend them for their efforts. It was great to see the leading edge practices they use to stay ahead of cybercriminals and assist law enforcement agencies. This cooperation with relevant authorities was repeatedly presented as a key driver of the bank's success in this area. That's a very important message for small businesses, too—it's far better to be proactive rather than reactive when it comes to cybersecurity.

There's much information available at cyber.gov.au that will be of use no matter the size of your business, including simple tips on checking your systems to ensure you're operating on updated apps and computer software, upgrading the multifactor authentication and keeping a backup of your data off the network. This enables a business IT provider to restore files that may be encrypted or destroyed in a ransomware attack without having to pay hackers for the advantage. The government will continue to play its part, investing $15 billion in cyber and defence capabilities and strengthening protections for our critical infrastructure with new legislation for digital centres and data.

See this speech in context