Login
iscover
Australian small businesses have been warned to urgently assess and address their liability to scams to lessen the potential damage.
Newsletter
Businesses can’t wait for the scam liability debate to play out
12 February 2025
•
8 minute read
Australia is one of the world's biggest cyber crime targets, with malicious actors targeting its residents every six minutes and $2.74 billion lost to scams in 2023–24, according to the ACCC’s most recent report.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
No one denies that the country is a major target. What is up for debate is who should wear the cost of that reality. Specifically, does the government’s proposed Scam Prevention Framework go far enough to protect Aussies?
Consumer advocates, including the People Over Profit campaign launched by news.com.au, argue that it does not. These groups want to see the burden shifted from everyday Aussies to financial institutions, arguing that regulators should require banks to compensate victims for scam losses except in cases of negligence.
Our take? Regardless of what Australia’s liability frameworks might look like, cybercriminals have a lot of advantages – and those demand layered solutions and strategic, cross-sector collaboration.
Unfortunately, businesses face significant risks right now. As important as it is to evolve our approaches to scam prevention, business leaders can’t afford to wait for those to manifest.
Businesses are often left out of the scam prevention conversation
We’ve all seen heartbreaking stories of a pensioner or retired couple who lost their life savings to a complex, difficult-to-detect scam. These cases demand urgent fixes.
==
==
What sometimes gets lost is that everyday Aussies also comprise our country’s business community, including the small businesses that are significantly more likely to lose money to cybercriminals.
Rethinking scam liability might well end up being a crucial part of a solution, especially as scams become more sophisticated with help from artificial intelligence (AI). And we applaud broader efforts to shift the burden of scam losses away from vulnerable Australians and toward well-resourced entities.
It’s a policy that’s already in place in the UK, and most of Australia’s largest banks have made significant efforts to reduce scam losses – including confirmation of payee (CoP) tools.
Here’s the problem. The UK still loses billions to scams each year and, as Australian banks have pointed out, other organisations play roles that are arguably just as important when it comes to facilitating or preventing scams. Those include telcos, tech companies and social media platforms.
Further, CoP tools are a welcome layer of security, but many of them may not be practical within busy AP functions and still have loopholes for fraudsters to exploit. In other words, they’re only one piece of a national solution.
And national solutions often take an infamously long time to come together.
Scam liability debates underscore the need for business action
On the surface, these debates can look like old-fashioned finger-pointing, but they’re an illustration of the problem’s complexity. Loopholes within our communication and banking systems are compounded by tech outpacing legislation and law enforcement, which is further compounded by a lack of cyber awareness and training.
The end result is that Australia remains a soft target for scammers, and no single entity or individual can be blamed – which means no single entity can fix the problem unilaterally.
Campaigns like those from news.com.au are putting a necessary spotlight on the topic, while industry and government are working more closely than ever to prioritise solutions. These are encouraging developments. There are lots of reasons to be optimistic that Australia will find concrete ways to improve our overall security posture.
In the meantime, though, your business is at risk. Many leaders underestimate the damage caused by even the smaller fraud-related losses, as well as the true costs of a cyber incident – including operational disruptions, damaged relationships, employee morale and indirect costs like legal fees or forensics. Likewise, they sometimes overestimate the efficacy of fraud mitigation controls in a security landscape shaped by rapidly proliferating AI tools.
As risks accelerate, business leaders can’t wait for others to figure out a new approach to an infamously complicated problem.
Just as the broader problem requires a layered and multi-faceted solution, organisations will need similar layers of security within their finance and AP functions. To get started now, take a look at this year’s Cybersecurity Guide for CFOs, which outlines ways to test your vulnerabilities and put up-to-date solutions in place.
As the debate continues to unfold, don’t leave your business vulnerable.
You need to be a member to post comments. Become a member for free today!
