COSBOA - CyberWardens Roundtable

12 June 2025

The Hon Dr Anne Aly MP
Minister for Small Business,
Minister for International Development,
Minister for Multicultural Affairs

 

MINISTER DR ANNE ALY: Can I start by acknowledging the traditional owners of the lands on which we meet, the Whadjuk people of the Noongar nation, and just recognise their elders past, present and emerging, and extend that recognition and that acknowledgement to any First Nations people joining us here today. Can I also say a huge thank you to COSBOA for inviting me to join today's discussion.

 

So, I want to start off by first of all saying how incredibly humbled and excited I am to take on the role as the Minister for Small Business, alongside my other two roles in Multicultural Affairs and in International Development. Though it may seem like three really disparate areas of portfolios to have, but already I can see a vision for bringing those three areas together. Particularly considering that 40 per cent or thereabouts, particularly here in WA, it's about 40.1 per cent of all small businesses, are owned and operated and started by migrants. So, there's a real story there to tell about resilience. There's a story there to tell about the Australian story and Australian identity, but also a real opportunity for structural change to lift small business. And rather than small business being a kind of an addition or an add on or an afterthought in the way in which we construct policy, enact policy and develop plans and make progress on policy, to actually have it as a primary consideration in how we think about things. So, as you would know, there are around 25,000 small businesses that have been created every month since we first came into office in 2022, which I think is an incredible statistic. But of course, small businesses aren't just statistics or figures on pages, they are about people, each one of those contributing to Australia's economic resilience, to our growth. And it's actually a huge honour to represent the people who make up 97 per cent, 97 per cent of all Australian businesses and who employ over 5.2 million Australians. That's around 40 per cent of the private sector workforce. So, it might be small, but it's not small, not small at all.

 

I wanted to talk specifically about critical infrastructure and it's quite poignant that I'm here today because I remember as a professor, before I became a Member of Parliament, my field of research was in counterterrorism and international security. And I remember way back, gosh, this could have been 2015. So, about 10 years ago, attending a critical infrastructure roundtable, and looking at cyber resilience and critical infrastructure for small businesses involved in the supply chains of critical infrastructure. That was 10 years ago. And I was quite astounded when I became a Member of Parliament, that government still hadn't cottoned on to what was critical infrastructure and how important critical infrastructure was, but also the role of small business in those supply chains of critical infrastructure. So, for me this is a particular area of interest. But it also takes me back to some of the research that I did prior to entering Parliament. And some of the advocacy work that I did with government, and as well with the private sector, to take a serious look at the role of small business in critical infrastructure, and what is the role of government in ensuring that kind of resilience for small businesses and other parts of the supply chains in critical infrastructure.

 

I know from my own experience running a small business and a charitable business. I also have a son who runs his own small business. I ran a consultancy. I was the founding chair of a not-for-profit, but I also with my ex-husband, we had Snags Aussie Dogs. I don't know if any of you from Perth remember it, but it was the hot dog carts in the city. We used to run the hot dog carts in the city. We had about three employees that worked with us there as well. He got that in the divorce, and I was quite happy for him to have it. There's a little bit of a thing that you didn't know about me.

 

So, I know from that experience that there's like there's several layers that you have to cut through as a small business, right? You've got your business, but then you're a small business and then, you know, there might be other kinds of layers of challenges there as well. And how do we cut through all those layers of challenges, and ensure that everything that we do takes into account the way in which- how we do things. The way in which the impacts may be differential for small business. That when we make a policy or when we pass legislation, being cognisant of the fact that what we are doing may have a differential impact on small business, and then how do we make structural change? Structural change to ensure that from its inception, policies, programs, legislation takes into account small business from the start, as opposed to it being an afterthought where we have to carve out a space for small business. When we know that small business, as I mentioned earlier, employs 40 per cent of the private sector workforce, makes up 97 per cent of all businesses. When we know that this is a critical part of our economy, why are we making laws and policies that we have to later then think about small business as an afterthought? This is something I'm really keen on working on and I really appreciate everything that you all do here, but also appreciate the opportunities that we'll have over the coming years to engage on those aspects of the small business portfolio as well.

 

I never read my speeches. Another fun fact.

 

But just going through some of the things that we are doing, particularly around in the cyberspace and cyber resilience. Of course, reducing the risk of going online isn't just something that's the responsibility of the government, but it shouldn't also rest on the responsibility of individual either. I think there's a lot that we can do together, and nobody should be left to tackle these challenges alone. That's why we're going to continue collaborating with industry and ensuring that small businesses aren't left behind. Not just in those supply chains that are responsible entities under the SOCI Act, but small business also more generally.

 

Every small business should be able to develop their cyber maturity. And if I can just go through the range of programs that we have, and I know that there are people here who are working on and representing those programs. So, we've got the Digital Solutions Program, the wonderful CyberWardens Program, Small Business Cyber Resilience Service and the Cyber Health Check. And thousands of small businesses are accessing and benefiting from these really important programs, and we want to see more organisations, more small businesses being able to access those as well.

 

The 2025 Small Business Cyber Security Pulse Check report told us these things. 82 per cent of all small businesses have been exposed to or experienced a cyber incident. That's up 3 per cent from the previous year. And as you know, the average cost for a small business of a cyber incident is around $50,000. That's a lot for a small business to absorb. Only 41 per cent of small businesses feel confident that their business is protected from emerging threats such as AI driven attacks and ransomware. And more than 54 per cent of small business owners and employees consider cybersecurity threats a medium or high risk to their business in the next five years, up 5 per cent from the previous year.

 

One of the other things that I did before entering Parliament was, I worked with organisations on building cyber security and cyber resilient cultures. Having a really cyber aware culture within organisations. One of the things that we used to say working in the security field was that the weakest link is? What's the weakest link in the chain? People, humans. Hello! And so, for me, how do we build up an awareness? Looking at these statistics that I've just read to you from that report. How do we build up, not just an awareness but a cyber safe culture within organisations where cybersecurity is not just taken seriously, but people aren't afraid of it. People aren't afraid of AI; they can see the opportunities that it brings to them. Isn't just something that belongs to the “tech nerds”, but something that every person can take a responsibility for within an organisation. And I'm keen to hear from you and to work with you on how we can really look at human behaviour. I'm a human behaviouralist by trade. How do we change human behaviour? How do we change human thinking? How do we change human culture, whether it's in the development of policy or whether it is indeed in cyber safe practices within organisations.

 

So, I'm going to encourage you, finish by encouraging you to all use this roundtable to share your thoughts, but also to encourage you to be very open and bold with your ideas. I’m here to listen and I hope that this is the start of a fruitful relationship with many of you over the coming years where we can engage and we can make a real difference.

 

So, thank you very much for everything that you do and thank you very much for having me here today with you.

 

 

[ENDS]