“Small businesses are becoming more cyber savvy, but there’s still a dangerous gap in basic safety measures that are leaving small businesses exposed.”
That’s the warning given by Skye Cappuccio, the incoming CEO of the Council of Small Business Organisations of Australia (COSBOA), following the release of the 2026 Small Business Cyber Security Pulse Check Report, launched today (23 February) by its Cyber Wardens program.
The report – based on a study of more than 1,570 small-business owners and employees across several industries – found that cyber security awareness varies greatly between businesses.
The slowest sector is the hospitality industry, where, for instance, only 47 per cent use unique passwords or phrases, and only 37 per cent of businesses in the sector have cloud-based backups in place. Similarly, only a third have multifactor authentication in place to protect their email systems.
“These findings are a wake-up call to act – and underscore that our work in building the cyber resilience of small businesses is far from over,” Cappuccio said.
“Cyber criminals are becoming more cunning and sophisticated by the day, fuelled by technologies like AI, but too many small businesses remain reactive.”
According to the report, the biggest threats to hospitality businesses are data breaches, phishing emails, ransomware, and business email compromise, and the last 12 months illustrate just how dangerous the threat landscape really is.
Just this month, in February, the NSW-based Seagrass Boutique Hospitality Group confirmed it was the victim of a cyber attack, while in November the Oscars Group was listed as a victim of the Medusa ransomware group on its darknet leak site.
Just those two breaches have the capacity to impact dozens of venues – and their customers and clients.
“Our message is simple: don’t be a sitting duck for cyber crime. It takes 10 minutes to start your cyber security journey, but only seconds for a cyber criminal to devastate your business,” Cappuccio said.
Australian Restaurant and Cafe Association CEO Wes Lambert said the report and its findings send a clear message to operators in the sector.
“The latest Cyber Wardens research highlights that hospitality businesses would benefit from additional support to boost their cyber resilience, especially as owners juggle the daily demands of keeping their businesses afloat,” Lambert said.
“They may not realise just how vulnerable they are to cyber crime, but cafes and restaurants hold valuable customer information – from names and email addresses to booking histories. Casual staffing, shared logins and fast-paced environments all increase the risk of cyber attacks, which is why free programs like Cyber Wardens can make all the difference.”
You can read the full 2026 Small Business Cyber Security Pulse Check Report here.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.