Hospitality businesses lag on cyber safety, report finds

NSW cafes, restaurants and accommodation providers are among Australia’s least cyber-prepared small businesses, new research has found.

The 2026 Small Business Cyber Security Pulse Check Report, released on February 23, shows hospitality businesses are the slowest to adopt basic cyber safety measures.

The report found only 47 per cent of hospitality and accommodation businesses use strong, unique passwords or passphrases.

Just 37 per cent have cloud-based back-up systems, while only one in three protect business emails with multi-factor authentication.

Across all industries, four in five small businesses reported experiencing a cyber incident, up 3 per cent since 2023.

Council of Small Business Organisations of Australia incoming chief executive Skye Cappuccio said concern about cyber crime was not being matched by action.

“Small businesses are becoming more cyber savvy, but there’s still a dangerous gap in basic safety measures that are leaving small businesses exposed,” Cappuccio said.

“Our message is simple: don’t be a sitting duck for cyber crime.”

The report found hospitality businesses were particularly vulnerable due to their reliance on digital payment systems and the volume of customer data they hold.

Cyber crime remains a top-three threat to small business survival, with most owners reporting they would struggle to recover financially from an attack.