How 2 small businesses recovered from a cyber attack

Business name
IDCARE
Last updated date
18 Jun 2025

Cyber attacks are increasingly common. According to the 2023-2024 Annual Cyber Threat report from the Australian Signals Directorate, an attack occurs every 6 minutes in Australia, costing small businesses, on average, $49,000 per attack.

But financial loss isn’t the only concern for businesses. There’s also the potential reputational damage as well as the hours, days, weeks and months it can take to fix a problem – time better spent working on and in your business.

Strengthening your digital defences and reaching out for support if you are the victim of an attack is critical to saving your business time and money – no one can afford to lose $49,000.

The Small Business Cyber Resilience Service, funded by the Australian Government and delivered by IDCARE, provides free expert support, to help Australian small businesses and sole traders increase their resilience before a cyberattack occurs and to recover if it happens.

Hear from 2 small businesses who were able to recover with the support of the program, and learn more about what services are available to help you, before, during and after a cyber attack.

A girl with a kaptop entering a security code from her phone

Cybercriminals target charity helping vulnerable migrant women

Saleha Singh has spent years supporting vulnerable women in migrant communities – women experiencing family violence, mental health issues, and grief. Many of the women speak languages other than English, and rely on her charity to access life-changing support services delivered without a language barrier.

Through her organisation’s Facebook page, Chai, Chat & Community, Saleha created a digital sanctuary where women could connect, share stories, and find pathways to help. But 4 years of trust-building came under threat when cybercriminals hijacked the page and used it to promote fake investment scams.

Like many small businesses and charities across Australia, Saleha never imagined she’d be a target for cybercrime. But when her personal email, social media accounts, and charitable page were compromised, criminals started impersonating her – targeting the very women she was trying to protect.

Saleha turned to the Small Business Cyber Resilience Service to help her recover access to her accounts and strengthen her cyber resilience, to make sure she could continue to provide her digital sanctuary.

Now, Saleha is sharing her story across migrant communities, raising awareness about the growing threat of cybercrime and the vital importance of cyber safety.

'Many small organisations don’t think they’re a target – until it’s too late. Getting support from IDCARE helped me get back on my feet. Now I want to help others protect themselves before they go through what I did,' said Saleha.

Watch Saleha’s full story

Victorian small businesses are facing relentless cyber attacks

An Australian not-for-profit (name withheld for privacy) – was just days out from Christmas when everything went sideways.

The organisation’s marketing manager woke to find she was locked out of her personal email and Facebook. She hadn’t clicked a dodgy link or fallen for a scam call. But that didn’t matter – cybercriminals had found their way in.

Because her personal accounts were linked to the organisation’s social media, it took just minutes for the attackers to take over the business’s Facebook and Instagram.

The cybercriminals sent out more than 20 malware-loaded posts, draining the organisation’s advertising budget.

They were changing the password every time I tried to fix it. It was like playing whack-a-mole, the marketing manager said. The Small Business Cyber Resilience Service was recommended to her. She spoke to an advisor who helped her map out exactly what to do and how to do it and regain access to her accounts.

It was amazing. I wasn’t alone anymore. They gave me steps to follow and helped us get back in control of our accounts.

The organisation is no longer an easy target. With stronger defences and support on standby, they are ready to withstand ongoing cyber attacks.

About the Small Business Cyber Resilience Service

The Small Business Cyber Resilience Service provides free expert support to Australian small businesses and sole traders, to help increase resilience before a cyber attack and to help recover if it happens. It is available to you if you have 19 or fewer full-time equivalent employees.

The program is funded by the Australian Government and delivered by IDCARE – the national identity and cyber support service. IDCARE is an independent not-for-profit charity formed to address a critical support gap for individuals confronting identity and cyber security concerns.

If you’re looking to improve your cybersecurity or respond to an attack, you can contact IDCARE for one or more of the following support services.

Cyber advisory: to boost your business resilience, you can complete a cyber health check. This will assess what preventative strategies your business has in place. An advisor will then work with you in a one-on-one session to provide a personalised, step-by-step plan to improve your cybersecurity.

Cyber first aid: when something has gone wrong, IDCARE’s digital experts can provide a thorough examination of your compromised devices to remove malicious software and address the damage caused by cybercriminals.

Specialist case management: if you need help you can access case management services and speak to a case manager.

Wellbeing support: the emotional and psychological strain can be devastating after a cyber attack. IDCARE’s specialist psychology responders provide wellbeing support for individuals experiencing severe mental health because of cybercrime.

If you’re looking to boost your cyber resilience or have been impacted by a cyber attack, visit IDCARE’s small business cyber resilience service.

Stay up to date and protected

There are plenty of websites and resources to help keep you up to date on the latest cyber security scams and ways to prevent them.