Bots, Breaches and Business: Cyber Risks for SMEs Evolve

Cyber threats are evolving faster than most businesses can keep up, and Australian SMEs are now in the crosshairs.

With bots, artificial intelligence-driven attacks, and regulatory changes hitting all at once, it’s a smart time to ask: Is your cyber coverage still fit for purpose?

Bots are now most of the internet and many are malicious 

You might think you’re browsing the web alongside other humans, but odds are you’re not. More than half of all global internet traffic now consists of bots, and three-quarters of that comes from malicious sources. This figure has increased over the past six consecutive years. 

Australia’s strong financial and SME sectors make it a prime target for AI-driven bot attacks across the Asia-Pacific region. More than 60% of automated internet traffic here comes from malicious bots. The 2025 E-Commerce Bot Threat Report also finds that bots now account for 57% of online shopping traffic. 

Two-thirds of all online attacks on Aussie retailers are bot-enabled business logic attacks – almost 30% higher than the global average. These attacks target how your website, app, or system is designed to function, not just its technical vulnerabilities. By exploiting business processes and software coding, they often go unnoticed. 

Instead of breaking in, attackers misuse normal features in unexpected ways. For example, they might flood your store with fake $101 orders to trigger free shipping or manipulate discount codes to generate free goods. 

Beware of these common types of business logic attack:  

Abusing free trial systems to gain unlimited access 

Bypassing payment processes to get discounts or avoid charges

Bypassing payment processes to get discounts or avoid charges

Bypassing payment processes to get discounts or avoid charges

 With bots mimicking users, harvesting data, and launching automated attacks around the clock, even small security gaps could leave your business exposed. 

AI Is Changing How Insurers Assess Risk 

AI is also reshaping cyber insurance. Brokers or advisers and insurance underwriters now factor in risks such as
AI-driven breaches, faster fraud cycles, model retraining, and data poisoning attacks. They recognise that a single vulnerability can impact thousands of policyholders due to the interconnected nature of modern information technology.

Underwriters are asking sharper questions about your cyber hygiene. In addition to a solid firewall and antivirus, you will likely need to provide evidence of: 

• Multi-factor authentication 
• Regular software patching 
• Incident response plans just to secure a policy that covers today’s risks. 

Using AI Can Be A Boost Or A Blind Spot

AI tools are transforming business productivity. From customer service bots to smart accounting apps, AI can make a tradie’s admin faster or help a café streamline bookings. But without the right controls, such tools can introduce hidden vulnerabilities.

Three in four Australian businesses experimenting with AI have not yet adopted formal risk policies. The Federal Government has yet to introduce an AI Act similar to that in the European Union.

Without proper management, AI can expose weaknesses in your APIs, employee communications, or even business logic processes. 

It’s important to know that businesses using AI without robust governance frameworks may find it tougher or pricier to secure comprehensive cyber cover. 

Regulators Are Watching, And Rules Are Tightening

In the past year, Australian regulators have signalled a tougher stance on cyber risk. The Australian Securities and Investments Commission (ASIC) now considers cyber governance and the safe use of third-party AI tools a compliance priority. 

At the same time, the Australian Cyber Security Centre (ACSC) has issued specific guidance urging businesses to manage AI tools responsibly, especially when handling customer data. 

This dual pressure of technical risk coupled with compliance risk means it’s no longer sufficient to rely on traditional cyber policies without addressing emerging gaps. 

Signs Your Cyber Cover Might Need An Upgrade

If you haven’t reviewed your cyber policy in the past 12 months, your business might be at risk of gaps.

Warning signs include:

Business Growth

If you’ve added new services, platforms, or software tools 

Increased AI use

If you’ve started using AI applications without updating security protocols

Changes in suppliers

If third-party providers now handle more sensitive data 

Staff turnover

If cybersecurity training hasn’t kept pace with new hires 

Just as you wouldn’t leave your shopfront unlocked overnight, it pays to lock in cover that matches your current business model. 

As your broker or adviser, we can work with you to review your cyber insurance, identify potential risks, and ensure your protection evolves alongside your business. Whether you run a consultancy, a trades business, or a growing e-commerce brand, staying cyber-safe is no longer optional. It’s an essential part of doing business in 2025.