Australians are increasingly opting out of data sharing with small and medium businesses over privacy concerns, according to research from HP. The reluctance comes as SMBs report data is now “critical” to their success.
Consumer caution may be well warranted with the study also revealing many Australian SMBs are still not adequately prepared for new Notifiable Data Breach laws. More than half do not have policies in place to adequately address a breach.
The findings come from HP’s Australia IT Security Study 2018 which surveyed 528 Australian SMBs across the country with between 10 and 99 employees in the services, production, retail and hospitality, health and education, and distribution industries.
According to the report, in the wake of a series of high-profile data breaches, 46 per cent of Australian SMBs surveyed said that their customers are increasingly opting out of data collection and sharing.
Even business owners themselves were found to be wary, with 67 per cent stating they are uncomfortable with other businesses storing their personal data.
According to HP, this finding is concerning since the study also found access to customer data, such as names, contact details, banking or payment details, and even buying behaviours, is playing an increasingly critical role in the day-to-day business operations and competitiveness of Australia’s two million-plus SMBs.
Half of SMBs surveyed (49 per cent) said access to customers’ personal information is essential to their day-to-day business operations, while 60 per cent said they needed detailed customer information to deliver more personalised customer services and to ultimately grow their business.
Paul Gracey, interim managing director, HP South Pacific, said recent high profile breaches were increasing security awareness.
“In a climate where most Australians have some nervousness around maintaining their privacy, SMBs need to be extra diligent in maintaining their role as trusted custodians of a customer’s most personal information.”
Unaware and underprepared
The HP Australia IT Security Study 2018 found, half a year on from the introduction of Australia’s Notifiable Data Breaches (NDB) scheme, many Australian SMBs are still not adequately prepared. The majority have also not effectively responded to the EU General Data Protection Regulation (GDPR), which came into effect in May 2018.
The study unveiled that close to 1 in 5 (19 per cent) of Australian SMBs had not heard of the NDB scheme, despite having over 18 months to comply, and 1 in 4 (25 per cent) had not heard of the GDPR. What’s more, over half (51 per cent) of SMBs still did not have policies in place to adequately protect their businesses from a data breach in light of these new laws.
Despite these growing data privacy concerns, many Australian SMBs remain unaware of the potential costs involved and the steps they need to take to protect their customers’ information.
The report found that 42 per cent of Australian SMBs surveyed had not completed an IT risk assessment and a further 17 per cent weren’t sure if they had or had not completed an assessment. Of these, over one-in-three cited cost and a lack of knowledge and skills as the greatest barriers to completion.
“The fact that Australian SMBs are strapped for resources and cash isn’t news. What the study did uncover was the extent of this problem: just 39 per cent of SMBs have a dedicated IT security specialist protecting their infrastructure and their customers from a data breach. In over a quarter of cases, business owners themselves are responsible for IT security,” said Gracey.