As ransomware, phishing, and scams hit businesses of every size, industry leaders urge companies to rethink awareness, culture, and AI-powered resilience.
October is here, and with it comes Cybersecurity Awareness Month, a global reminder that digital threats don’t discriminate. For years, smaller businesses believed cybercriminals were only interested in large enterprises or government institutions. But 2025 has proven otherwise. From retailers and construction firms to electricians and wellness providers, attacks are crippling small and medium enterprises (SMEs)—often with devastating financial and reputational fallout.
“We’re Too Small to be a Target”: The Biggest Myth
Akshaye Kalkura, Virtual Chief Information Officer at BizCover, says the myth of being “too small” continues to lull businesses into a false sense of security.
“One of the most common reasons that business owners don’t take out Cyber Liability cover is because they believe they’re ‘too small’ to be a target. This couldn’t be further from the truth.”
The numbers back him up. According to recent threat intelligence, small businesses now account for nearly half of reported cyber incidents globally. For attackers, SMEs are low-hanging fruit—less protected than large enterprises but often holding equally sensitive customer, financial, or supplier data.
“Cybersecurity must be a board-level priority, breach-ready and powered by Agentic AI.”
— Dipesh Kaura, Country Director – India & SAARC, Securonix
Real-World Cases: When Cyber Incidents Hit Home
Phishing at Desky: Trust Undermined
For Desky, a national online retailer, a phishing email masquerading as a supplier request tricked an employee into paying a fraudulent invoice of $4,700. While the money was a blow, the bigger damage was trust.
John Beaver of Desky recalls:
“The bigger impact was on workflow, with staff losing confidence in email until new phishing training and approval processes were introduced. Good habits and clear SOPs protect a business more than depending on technology alone.”
Invoice Tampering at Primal Recovery
In Melbourne, Micko, founder of Primal Recovery, fell victim to a man-in-the-middle scam where hackers intercepted legitimate Xero invoices, altered the bank details, and siphoned off $10,000.
“The only way to play it safe is, as I mentioned before, confirm all details are correct before paying it,” Micko reflects. “The sad part is, I am quite a savvy tech junkie, and it still got me.”
“One of the most common reasons that business owners don’t take out Cyber Liability cover is because they believe they’re ‘too small’ to be a target. This couldn’t be further from the truth.”
— Akshaye Kalkura, Virtual CIO, BizCover
Spoofed Supplier Scam at Pro Electrical
Sydney-based Pro Electrical narrowly avoided a costly mistake in June 2025 when the business detected a spoofed supplier invoice in time. No money was lost, but the stress and disruption were significant.
Daniel Vasilevski says the experience was eye-opening:
“It was a wake-up call about how vulnerable we are when it comes to even the simplest transactions, and it reminded me that the chance of a cyber incident can happen with businesses of any size.”
The Bigger Picture: From Awareness to Resilience
These cases show that while technology is critical, the real protection comes from a mix of awareness, processes, and culture. SMEs that invest in staff training, incident simulations, and cyber insurance are often better equipped to handle attacks than those relying solely on security software.
Dipesh Kaura, Country Director – India & SAARC at Securonix, believes the conversation must now escalate from IT teams to boardrooms.
“Cybersecurity must be a board-level priority, driven by future-ready strategies that are breach-ready, board-ready, and powered by Agentic AI. This represents a shift from reactive security to autonomous operations, where cybersecurity becomes a strategic enabler of business outcomes.”
His call echoes the global theme of Cybersecurity Awareness Month 2025: shared responsibility and proactive defense.
Lessons for the Future
From phishing scams to invoice tampering, the stories of Desky, Primal Recovery, and Pro Electrical highlight one truth: no business is immune. For SMEs, a single attack can mean financial loss, reputational damage, and operational downtime.
The path forward involves:
- Training employees to spot and stop scams.
- Implementing clear SOPs for payments, approvals, and data handling.
- Investing in intelligent detection powered by AI and automation.
- Considering cyber liability insurance as a financial safety net.
As Cybersecurity Awareness Month reminds us, awareness is just the beginning. The real goal is to build resilient, AI-powered defenses that allow businesses to thrive confidently in a hyper-connected digital economy.