Every day cyber-criminals are benefiting from Australian SMBs that are uneducated and unwilling to properly protect their data. These Australian companies are at risk of becoming “low-hanging fruit” for crooks.

That's according to James Nunn-Price, who leads Deloitte's Asia Pacific Cyber unit. He said companies are not reporting ransomware and instead cave into the demands of cyber-criminals and pay them instead. The companies choose to only report the problem to authorities when the ransom amounts substantially escalate, having a mentality to quickly sort out the issue and get it working again.

“I'm amazed at how many Australian businesses pay the money... certainly some super funds, insurers and corporates pay the money because it's just easier to pay a few hundred dollars and then they wonder why six weeks later they get hit again,” Nunn-Price said.

Tommy Viljoen, who leads Deloitte's risk advisory security team, said businesses must understand cyber-security as much as they understand finance. Viljoen said, “If I say to someone in a boardroom ‘the bank account hasn't been reconciled for six months and you're in bad shape', the immediate response would be ‘we've got to sort it out, we've got to do it'. If I say ‘you've got malware on that system and it hasn't been patched for a couple of years', I'll have people looking at me and asking ‘well, is that important?'.”

CERT Australia responded to over 11,000 cyber-crime incidents in 2014-2015.

According to the Australian Signals Directorate, cyber-attacks on Australian organisations grew by 20 percent in 2014, which demonstrates how important it is for organisations to be aware of the growing risk of cyber-attacks and to actively pursue steps to reduce the risk.