Artificial intelligence (AI) is being used to create more sophisticated and efficient phishing attacks, increasing cyber risk for Australian small businesses.
Phishing occurs when cybercriminals send fraudulent messages designed to trick people into taking an action, such as revealing their password or making a payment. These messages appear to come from trusted sources – a business owner, supplier, or commercial landlord – and rely on people making a mistake or poor judgement call to work.
Phishing is already popular in Australia; it was the number three reported scam to ScamWatch in 2024 and accounted for 34% of incidents reported to the Office of the Australian Information Commissioner (OAIC) from July to December 2024. During that same period, 29% of reported data breaches were attributed to human error.
Many Australian SMEs are already on the phishing hook, but AI may soon cause these numbers to explode.
AI can quickly analyse data from social media, public records, and business websites to create highly targeted and convincing phishing messages. It can also automate phishing campaigns, create realistic fake websites, and craft emails that bypass traditional phishing detection methods.
This new level of sophistication means that small business owners and employees may be more likely to fall for well-crafted phishing messages. And the fallout could be expensive – self-reported costs of cybercrime for small businesses averaged $49,600 per incident in FY24.
So, what can SMEs do to protect themselves from AI-powered phishing attacks? Practical steps could help them better protect their businesses:
- Cybersecurity training – Learn to spot phishing emails, social media messages, texts, and phone calls. Cyber Wardens offers free courses for Australian small businesses.
- Verify messages – Make a habit of confirming unexpected messages through other communication channels, especially if the sender is requesting payment or account information.
- Stronger password policies – Use password managers and adopt multi-factor authentication (MFA) wherever possible.
- Updating software and hardware – Install software patches as soon as possible and replace legacy systems that no longer receive updates.
While cybersecurity is critical for small businesses, many may still fall for an AI-powered phishing attack despite their best efforts. That’s when having a cyber back-up plan could be crucial.
Cyber Liability insurance* can complement a small business’ cybersecurity plan by providing invaluable financial support and resources following a phishing incident and other types of cyberattacks.
Cyber policies help cover expenses, such as replacing lost income caused by a cyber breach, restoring data, and notifying affected customers. Many insurers also offer 24-hour incident response services that connect business owners with resources to minimise damage and get back to business as usual with less delay.
By combining practical measures with Cyber Liability insurance, small businesses can reduce their chances of falling victim to AI-powered phishing attacks and recover faster if they are unable to stay one step ahead of cybercriminals.
Find Cyber Liability cover from selected leading Australian insurers in minutes with BizCover. For on the go cover, visit BizCover.com.au or call 1300 805 821 today.
*This information is general only and does not take into account your objectives, financial situation or needs. It should not be relied upon as advice. As with any insurance, cover will be subject to the terms, conditions and exclusions contained in the policy wording or Product Disclosure Statement (available on our website). Please consider whether the advice is suitable for you before proceeding with any purchase. Target Market Determination document is also available (as applicable).
© 2025 BizCover Pty Limited, all rights reserved. ABN 68 127 707 975; AFSL 501769
Get our daily business news
Sign up to our free email news updates.
