Are your cyber security practices as good as they need to be with the current heightened levels of malicious cyber activity?

Cybercrime cost small businesses an average of more than $39,000 per cybercrime report, according to the Australian Cyber Security Centre (ACSC) July 2021-June 2022 Annual Cyber Threat Report.

For medium-sized businesses, the average cost rose to $88,000 per cybercrime report.

That was an average increase across all businesses of 14 per cent, compared with the previous financial year.

To help small and medium businesses prepare for a cyber incident, as well as assess and improve their cyber security, the ACSC launched a free online tool called Exercise in a Box.

Business owners could discuss their responses to a range of scenarios including ransomware attacks delivered by phishing emails, threatened leaks of sensitive data and third-party software compromises.

The ACSC said the all-in-one platform included everything business owners needed to plan, set up and deliver exercises in their organisations.

Stephanie Crowe, the ACSC first assistant director-general cyber security resilience, said it was important to do the work to remain secure online before an incident occurred.

“This fantastic tool allows you to practice your response to a cyber incident, whether it’s a data breach, ransomware attack or a compromised system in a safe environment, at a time that works for you, your staff and your business,” she said.

“Exercise in a box works by taking a small group of your key staff through a series of structured questions relating to an area of cyber security.

“By completing the exercises, you will understand the risks your organisation is currently exposed to and what you can do about it.

“Each exercise concludes with a report that offers practical guidance on improving the cyber security of your organisation.”

The ACSC said Exercise in a Box would keep evolving to ensure it stayed current, relevant and engaging.