Three major concerns for SMES

1.    Lack of understanding and digital maturity

A major factor behind the slow adoption of AI is the lack of digital literacy among businesses, especially with AI. Some business owners view AI as an advanced technology reserved for large corporations with deep pockets and vast technical resources. This perception often stems from the digital maturity gap that exists among Australian SMEs, with many still heavily reliant on manual processes and outdated systems. According to Forbes Australia, over 81 per cent of businesses still use spreadsheets and paper documents, making it harder for them to integrate AI effectively into their operations​. 

This disconnect is amplified by the absence of centralised data systems. AI relies on well-organised, accurate data to deliver insights and automate tasks. Without proper data management, the effectiveness of AI solutions is limited. Many Australian SMEs are simply not ready to invest in the digital infrastructure necessary to support AI.

2.    Fear of costs and complexity

SMEs are also often concerned about the costs associated with AI adoption. According to MYOB, 80 per cent of Australian SMEs express concerns about the expenses involved in implementing AI technologies. This fear is exacerbated by the complexity of AI systems, which many SMEs believe they lack the expertise to manage. The idea of training staff, upgrading existing infrastructure, and maintaining AI solutions can feel overwhelming for small businesses. As a result, many are hesitant to adopt AI, focusing instead on immediate, short-term financial pressures rather than the long-term cost-saving potential AI offers.

3.    Data and security concerns

Data privacy and cybersecurity are critical concerns for Australian SMEs, particularly when it comes to adopting AI. AI systems often require large amounts of data to function effectively, and many businesses worry about how this data will be handled as business owners are cautious about exposing sensitive information to AI platforms.

The concern isn’t unfounded either, recent trends in cybersecurity show that Australian businesses have faced increasing risks of data breaches. A 2024 study by Small Business Connections revealed that 42 per cent of SMEs in Australia identified data and security concerns as the primary hurdles to AI adoption. Until businesses feel confident that AI platforms offer robust security measures, many will be reluctant to adopt the technology.

Missed opportunities for growth

Despite these valid concerns, Australian SMEs risk missing out on the significant growth opportunities that AI presents. Research from the University of Adelaide indicates that greater AI utilisation could add $200 billion annually to Australia’s economy, creating over 150,000 new jobs by 2030​. 

This holiday period has seen businesses face heightened customer demands, supply chain pressures, and increased vulnerability to cyber threats. AI-driven solutions can help manage these challenges by streamlining operations, improving inventory management, and detecting fraudulent transactions in real time. For SMEs in retail, AI can also personalise customer experiences, leading to higher sales and better customer retention during the busiest time of the year. Failing to adopt AI now means missing out on the potential to thrive in a rapidly evolving digital marketplace.

To overcome these barriers, education and accessibility will be crucial. Australian SMEs need greater awareness of how AI can be applied practically and ethically. However, greater support from government and industry bodies will be essential in creating a smoother path to AI adoption. 

The post Why Australian SMEs aren’t adopting AI fast enough appeared first on Inside Small Business.

AI use will continue to rise, but so too will concerns about responsible use

Next year, concerns about responsible use of AI will accompany its continued rapid adoption, according to tech consulting firm Synechron.

“Responsible adoption, trust-building, and proactive investment in secure, sustainable, and scalable technologies will be essential for organisations to thrive in 2025 and beyond,” said Chief Technology Officer David Sewell.

Most Australian businesses haven’t yet adopted responsible AI practices, according to a report by Fifth Quadrant. And customers are aware that businesses aren’t doing their due diligence: recent research has found that they don’t trust enterprises to use AI properly.

Additionally, the Government is currently working on a set of Mandatory Guardrails for responsible AI usage, though it’s currently unknown if these will apply to small businesses.

Small businesses will take data privacy more seriously

The Government has also recently phased out the small-business exemption from the Privacy Act, which previously applied to businesses with a turnover of less than $3 million. This means that SMEs must report any data breaches that result in serious harm to individuals, or else suffer financial penalties.

“The new amendments introduce greater powers to the Office of the Australian Information Commissioner (OAIC) to crack down on breaches and the assessment timeframe is tightening from the 30-day period to just 72 hours,” explained Greg Lever, Senior Vice President & General Manager, Iron Mountain APAC. “This means SMEs will need to establish clear protocols for identifying and responding to breaches promptly if they want to avoid hefty fines and legal repercussions.”

IT service provider Logicalis Australia says it expects to see more businesses retaining their data thoughtfully and sparingly, rather than hoarding all generated information.

“Regulatory bodies are increasingly demanding that businesses minimise data collection and storage,” explained Logicalis CEO Anthony Woodward. “Poor data governance can lead to compliance failures, security vulnerabilities, and loss of consumer trust.”

Cybersecurity will continue to be a concern for SMEs

We know that cybersecurity is an issue for SMEs. Last financial year saw a 24 per cent increase in cyber crimes in Australia, according to the Australian Signals Directorate. Despite this, 22 per cent of small businesses and 15 per cent of medium businesses plan to reduce spending on cybersecurity management, according to the latest SME Cyber Security Management report by Business NSW.

Small businesses can’t afford cybersecurity, making this a huge concern for the community. To combat the issue, the Government has recently launched a Small Business Cyber Resilience Service, which promises tailored advice to SMEs to help keep them safe from cyber crime.

The post From responsible AI to minimising data collection: The 2025 tech trends SMEs should know appeared first on Inside Small Business.

As criminals become increasingly sophisticated, companies must educate employees on the danger signs to look out for – and the lessons should be regularly refreshed.

Scams are a common way that cybercriminals target small businesses. They work by impersonating management, clients or suppliers, requesting money to be transferred, or inciting people to click on malicious links or attachments that can harvest log-in details and passwords to bank accounts or other confidential resources.

“Cybercriminals may try to scam your business through email, text messages, phone calls, and social media,” warns Rebecca Warren, Executive General Manager of Small Business Banking with Commonwealth Bank (CommBank). “They will often pretend to be a person or organisation you trust.”

For example, a sole trader customer of CommBank received a call from a man with a British accent claiming to be from the security team, advising her that a suspicious payment had been made from her account and he needed her to help him access her CommBiz service so he could resolve the problem. When she could not log in, she believed the caller: The victim had provided enough information for him to reset the password already, and when she tried to log in, her password no longer worked.

The customer provided the scammer with the answers to her security questions and generated three e-tokens over the course of the call, resulting in $700,000 lost from the company’s business account.

Phishing attacks

Phishing attacks, another type of scam, often contain a link to a fake website where staff are encouraged to log in to an account or enter confidential details. The intent is to obtain passwords that cybercriminals can use to “take over” the online accounts of small businesses and hold them to ransom. Business Email Compromise is another. Here, a scammer will use email to trick someone into sending money or paying a fake invoice. Others may pretend to be someone in the business and seek confidential company information that can be used to carry out another scam.

The impact can be devastating

The impact of not taking cybersecurity seriously could devastate SMEs, explains Rebecca Warren, Executive General Manager of Small Business Banking with Commonwealth Bank (CommBank). But, working with small-business owners daily, she understands their challenges and why – with so much pressure from responding to rising costs, tightening consumer spending and inflation on their minds in the current economic climate – cybersecurity may not always be top of mind. A lack of time is among the leading causes.

“We know small business owners often work around the clock and have competing priorities with limited time on their hands, which can make them an easy target for scammers and cybercriminals,” she told Inside Small Business.

CommBank works very hard to educate small-business owners about staying safe from scams and cyber threats, says Warren, hosting in-branch seminars on scams and fraud awareness for small businesses nationwide, among other initiatives.

The bank halved scam losses to its customers last financial year according to CommBank’s annual report and it is actively working with other businesses and governments to reduce scams further.

“We firmly believe a coordinated and whole-of-ecosystem response is required to fight scams – across financial institutions, telcos, government, social media and digital platforms, as well as from consumers.”

She says Commbank has invested $800 million to protect account holders from scams, fraud, cyber, and financial crime and has more than 4000 people working on preventing and disrupting crime, figures published in its annual report this year.

Warren urges all small businesses to educate employees about critical cybersecurity threats to reduce the risk of harm:

• How to spot a scam or phishing attack.
• Common cyber security threats such as compromised business email and ransomware.
• The importance of using strong passwords or passphrases, multi-factor authentication and regular software updates.
• What do you do when you think you might be a victim?

CommBank’s three critical tools for fighting fraud and scams

CommBank is delivering initiatives that help customers stay safe by improving early detection and prevention of scams through essential tools NameCheck, CallerCheck and CustomerCheck, as well as progressive advances in its own cyber protection.

NameCheck is a security tool that searches the account details you’ve entered when making a first-time payment in NetBank, the CommBank app or CommBiz and uses available payment data to indicate whether the account details seem right. Since its launch last year, NameCheck has already prevented over $410 million in mistaken payments and scams, according to CommBank’s annual report.

CallerCheck gives customers peace of mind when they receive a call from an unknown number, indicating that the bank is genuinely contacting them. It triggers a security message in the CommBank app so account holders can verify that a caller claiming to be from CommBank is legitimate.   

CustomerCheck is a push notification within the CommBank app sent to customers to confirm their identity when they visit a branch or speak to a CommBank staff member in person. It sends a security message to the account holder’s CommBank app.

CustomerCheck and CallerCheck are the bank’s preferred verification methods, offering a secure way to complete the identification process in place of existing identification methods like a signature if there is evidence or concern their identity may have been compromised.

Beyond those critical start-of-the-art tools, the bank is constantly monitoring transactions, looking for unusual activity using AI, with humans stepping in when the system flags something as odd. The bank will contact the customer if something suspicious is detected in an account, so Warren urges customers to ensure their contact details are always up-to-date.

CommBank is also working hard to educate small-business owners about staying safe from scams and cyber threats. “We’ve partnered with the Council of Small Business of Australia and Telstra to launch the Cyber Wardens Program, designed to upskill small businesses in cyber safety, and we host in-branch seminars on scams and fraud awareness for small businesses across the country,” explains Warren.

Stop. Check. Reject

Finally, CommBank urges all SMEs to remember three simple steps when someone phones or emails saying they are representing CommBank: Stop. Check. Reject.

Stop: Does a call, email or text seem off? The best thing to do is stop. Take a breath. Real organisations won’t pressure you to act instantly.

Check: Ask someone you trust or contact the organisation the message claims to be from.

Reject: If unsure, hang up on the caller, block the phone number, or delete the email. And change your passwords.

• To learn more about how CommBank helps protect Australian businesses, visit the bank’s website here.

Things you need to know:

This article has been published for general information purposes only. As this information has been prepared without considering your objectives, financial situation or needs, you should, before acting on this information, consider its appropriateness to your circumstances, if necessary, seek professional advice. The Bank believes that the information in the article is correct and any opinions, conclusions or recommendations are reasonably held or made, based on the information available at the time of its compilation, but no representation or warranty, either expressed or implied, is made or provided as to accuracy, reliability or completeness of any statement made in the article.

Commonwealth Bank of Australia ABN 48 123 123 124 AFSL and Australian credit licence 234945.

The post Lax cybersecurity is a big threat to SMEs. Here’s how one bank is fighting back appeared first on Inside Small Business.

Meant for business-to-business transactions, eInvoicing (or electronic invoicing) lets you exchange invoices digitally through shared software, eliminating the need to print or email them. While it’s still optional right now, it’s set to become the new industry norm.

Over 130,000 Aussie businesses are currently registered for eInvoicing, with adoption growing as more software providers integrate it. The recent Federal budget also allocated $23.3 million to help small businesses adopt eInvoicing.

If you’re feeling a bit overwhelmed by the shift, we shall break it down and show you how this change can be a win for your business.

The right software support

eInvoicing works through standard, secure networks, allowing invoice data to be exchanged between different software systems. In Australia (and many other countries), this standard is the Peppol network. To use eInvoicing, both your business and the recipient’s business must use software that connects via Peppol, where Australian Tax Office-approved service providers securely deliver invoices.

The Australian eInvoicing system is designed to integrate easily with your accounting software. Many small-business providers, like Xero, already offer eInvoicing. So, start by checking if your current system supports it. If not, it might be worth switching to avoid a complicated setup.

When choosing new software, remember to look for:

• Ease of use
• Good integration with your existing systems
• Local customer support

A good invoicing solution will help you stay compliant, streamline your process, and reduce errors.

Slashing scams and late payments

The recent Pursuing Payments Report by GoCardless revealed that one in five Australian business owners are losing between $6,000 and $30,000 each year due to late payments, and more than half expect the problem to get worse this year. eInvoicing automates the invoicing process to facilitate more timely payments.

eInvoicing also reduces the number of late payments and builds better business relationships by encouraging prompt, reliable transactions. It can help to prevent delays and miscommunications, allowing everyone involved to move forward smoothly and avoid any financial hiccups.

eInvoicing’s advanced security features, like encryption and secure transmission, protect your data from scams and unauthorised access. Plus, by storing everything electronically, it cuts the risk of losing or damaging physical invoices and makes it a breeze to manage and find your documents when you need them.

What to do with the money saved

Traditional invoicing often comes with high administrative costs, including expenses for paper, printing, postage, and manual processing time. eInvoicing helps cut or eliminate these costs by automating many of these tasks. With digital invoicing, you can lower your operational expenses, boost efficiency, and allocate resources more effectively. Plus, reducing errors and rework from manual invoicing can lead to even more savings both financially and in human resources. 

With late payments dramatically reduced, your cashflow will also become more secure, giving you more cash on hand to reinvest in your business. According to the Pursuing Payments Report, if customers paid on time, 31 per cent of business leaders would use the extra funds to grow their business, 30 per cent would pay suppliers sooner, and 28 per cent would invest in other areas. This creates growth opportunities even in a sluggish economy, allowing you to explore marketing, new products or services, and even hiring more support.

Switching to eInvoicing is a chance to remove pain points in your invoicing process and boost your business’s efficiency. You’ll not only keep up with the new invoicing standard but also improve relationships, reduce late payments and increase cashflow. 

The post Why (and how) to adopt eInvoicing appeared first on Inside Small Business.

The dispute escalated last week when WordPress’s co-founder, Matt Mullenweg, accused WP Engine of infringing upon their trademark in an inflammatory blog post entitled “WP Engine is not WordPress“.

WP Engine is, indeed, not affiliated with WordPress.org. However, the paid hosting provider, and others like it, are used by many businesses to build online stores and eCommerce sites using WordPress.org’s infrastructure.

On September 23rd, WordPress’ parent company, Automattic, sent a cease-and-desist letter to WP Engine demanding it cease operations until it entered negotiations with Automattic. When WP Engine failed to comply, it was banned from WordPress.org.

The move meant that automatic plugin updates were disabled for WP Engine customers, leaving business owners to update their plugins manually. This could potentially be an issue for small businesses or sole-traders who don’t have access to IT support or who aren’t tech-savvy. Plugin updates are critical for maintaining website functionality and protecting against vulnerabilities that hackers frequently exploit.

Though WP Engine took to X.com soon after the ban to announce that it had “deployed a solution” and restored “regular workflow practices” for its 1.5 million global customers, the incident has raised concerns for those who use WordPress hosting providers that are not owned and/or operated by Automattic.

What does this mean for SMEs?

WordPress makes up 83 per cent of all Australian websites using open-source technologies, and WP Engine is one of the largest hosting providers. Many small businesses rely heavily on both platforms for their day-to-day operations.

When a business’s website is down or vulnerable – including due to conflicts such as this recent one – sales, bookings, and customer relationships can all be negatively impacted. To make matters worse, switching to another website builder or hosting provider often involves time-consuming and expensive migration processes.

The immediate conflict may be over, but it has small-business owners feeling uneasy.

“What happens if this occurs again? What if another hosting provider like WP Engine gets caught in a similar dispute? It puts millions of businesses at risk,” said Annette Welsford, an Australian small-business owner who reached out to ISB.

Welsford, the CEO of Commonsense Marketing, has been using WordPress exclusively for website building for the last decade. Six years ago, she switched to WP Engine due to its speed, security, and good customer support.

She fears the potential for further disputes between WordPress and hosting providers who use the platform.

“What do we all do? Do we stop using hosting companies that support WordPress? Do we stop using plugins that are called ‘WP’ or ‘WordPress’ so that our sites don’t stop being functional and become vulnerable to hacking?” Welsford said.

“We have used many platforms over the years, and WordPress is our firm favourite by far. We have no desire to rebuild all of our customers’ sites to a different platform. And I know our customers will not want to pay for this to be done either.”

Welsford’s concerns reflect the growing unease among small-business owners in a world where websites are critical to both brand identity and revenue streams. Though the conflict between WordPress and WP Engine seems to be resolved for now, a future fall-out could have devastating effects for many businesses around the world.

If you are a small-business owner who uses WordPress, ISB has previously posted tips on how to prevent your website being hacked.

The post What the WordPress conflict means for small businesses appeared first on Inside Small Business.