Cybersecurity concerns top the list of tech barriers at 29.8 per cent, yet small businesses are cutting cyber spending. CreditorWatch CEO Patrick Coghlan explains this dangerous paradox.
What’s happening: Cybersecurity concerns top the list of barriers to technology investment at 29.8 per cent, ahead of limited financial resources at 25.3 per cent and return on investment uncertainty at 23.1 per cent. Yet research shows fewer than one in five small businesses have formal cybersecurity policies, creating a dangerous paradox that’s holding Australian businesses back from AI adoption.
Why this matters: The cybersecurity barrier is creating a vicious cycle: businesses fear adopting new technologies due to security concerns, yet failing to modernise leaves them more vulnerable to attacks. With 41.5 per cent of businesses now using AI tools and reporting 94.6 per cent satisfaction rates, those held back by cybersecurity fears risk falling further behind competitors whilst remaining exposed to evolving threats.
Australian businesses face a dangerous paradox: cybersecurity concerns are the biggest barrier to technology adoption, yet failing to modernise leaves them even more vulnerable to attacks.
CreditorWatch’s latest Annual Business Sentiment Survey, which canvassed 1,017 business decision-makers in September 2025, reveals that 29.8 per cent of businesses cite cybersecurity concerns as their top barrier to technology investment, ahead of limited financial resources at 25.3 per cent and uncertainty about return on investment at 23.1 per cent.
Yet research shows that only one in five small businesses have a formal cybersecurity policy or provide staff training on cybersecurity issues, a figure that has declined since 2021 according to auDA’s Digital Lives of Australians 2025 report.
“AI is no longer just a fringe investment, it’s central to how businesses compete,” says CreditorWatch CEO Patrick Coghlan. “But we’re seeing businesses paralysed by cybersecurity fears, unable to move forward with technology adoption that could actually help protect them.”
The cybersecurity paradox
The survey found that one in three, or 32 per cent, of Australian businesses haven’t adopted any new technologies in the past year, with almost half of sole traders at 49 per cent and around 40 per cent of SMEs lagging behind, compared to just 4 per cent of large businesses.
Meanwhile, those who have embraced AI report exceptional satisfaction. Some 41.5 per cent of businesses adopted AI tools in the past 12 months, up from 34.8 per cent in May 2024, with 94.6 per cent of adopters reporting positive outcomes.
The cybersecurity barrier becomes even more concerning when viewed alongside broader security trends. Research from auDA shows that 83 per cent of Australians believe cybercriminals are becoming more sophisticated, yet one-fifth of small businesses report spending nothing on cybersecurity.
Recent data from the Office of the Australian Information Commissioner shows a 9 per cent increase in data breaches during the first half of 2024 compared to the previous six months, whilst the Australian Cyber Security Centre noted an 8 per cent rise in the average cost of cybercrime for small Australian businesses during the same period.
“We’re witnessing a shift from curiosity to capability with AI adoption, but there’s still work to be done to enable smaller businesses in particular to keep pace and advance technologically,” Coghlan states. “The challenge is that cybersecurity concerns are holding them back from the very technologies that could help them modernise securely.”
Who’s embracing AI
Amongst businesses that have adopted AI, the most common applications include content creation and editing at 46 per cent, data insights and analytics at 37 per cent, automation of routine tasks at 37 per cent, customer service and chatbots at 35 per cent, sales and marketing analytics at 33 per cent, and project and task management at 31 per cent.
The divide in adoption and impact expectations is clear across industries. AI adoption is accelerating across financial services and business services, reporting adoption rates of 49 per cent and 53 per cent respectively, with satisfaction levels exceeding 95 per cent. In contrast, sectors such as construction, distribution and retail are lagging, with adoption rates below 35 per cent.
Larger businesses are leading the way, with 69 per cent of companies with 200 or more employees integrating AI tools, compared to just 33 per cent of small businesses and 30 per cent of sole traders. These larger organisations also report the highest satisfaction at 99.1 per cent and strongest expectations of impact, with over 73 per cent anticipating significant or moderate transformation within five years.
AI adoption is broadening across sectors and demographics, with notable gains amongst female-led businesses, up 8.6 percentage points, Generation Z leaders, up 13.4 percentage points, and businesses in New South Wales, Victoria and Queensland, all of which saw double-digit increases.
The knowledge gap
Beyond cybersecurity concerns, the CreditorWatch survey reveals that lack of technology knowledge and skilled employees combined account for 38.8 per cent of barriers to technology investment, whilst financial and time constraints have eased since 2024.
Cybersecurity experts warn that the Australian Government’s $550 million investment targeted towards bolstering cybersecurity for small businesses underlines the urgency of digital safety. A key initiative is the free resource Cyber Wardens, designed to build a cyber-smart small business workforce.
The Australian Cyber Security Centre reports that 62 per cent of SMBs in Australia have experienced cybersecurity breaches, with phishing being the most common attack vector. Approximately half of businesses with fewer than 50 employees have no cybersecurity budget at all.
A global study on information technology security amongst small and medium-sized businesses found that 52 per cent of SMBs still use manual tools, including documents or spreadsheets, to manage privileged access, despite the fact that such sources are precisely what ransomware and intrusion programmes target. Surprisingly, these manual management practices increased by 7 per cent between 2024 and 2025.
“In an era of escalating cyber threats, strengthening cybersecurity measures is paramount,” notes cybersecurity expert Ben Jones, head of cyber security at Mackay Goodwin. “Critically, the Australian Government has recognised this urgency.”
Breaking the cycle
The paradox creates a vicious cycle: businesses hesitate to adopt AI and other technologies due to cybersecurity concerns, yet failing to modernise leaves them more vulnerable to attacks and further behind competitors who are leveraging technology for efficiency and growth.
“The findings reflect a maturing market and a growing recognition of AI’s strategic value,” Coghlan says. “Companies embracing AI are seeing real returns, and that’s driving broader adoption across sectors. But cybersecurity concerns shouldn’t prevent businesses from moving forward, they should inform how businesses implement technology securely.”
Experts emphasise that cybersecurity goes beyond sophisticated tools, requiring training for company specialists to exploit these tools effectively, whilst staff must know how to avoid the most common traps. Data breaches and cyberattacks are on the rise, but practical and affordable cybersecurity solutions are available for SMEs to help protect businesses from financial losses, operational disruptions and reputational damage.
CreditorWatch’s data shows that 49 per cent of business leaders expect AI to have a significant or moderate impact on their operations over the next five years. This forward-looking sentiment, combined with rising adoption and satisfaction, suggests that AI is transitioning from a tactical tool to a strategic enabler.
For smaller businesses looking to break the cycle, experts recommend starting with clear operational goals, investing in both technology and cybersecurity training, and seeking guidance from trusted advisers who can help navigate the balance between innovation and security. The key is understanding that modernisation and security aren’t opposing forces, they’re complementary strategies for business survival and growth.
“In today’s economic climate, where businesses are under pressure from a range of external factors, digitally transforming and optimising operations with the support of futuristic technologies can help deliver cost savings and competitive advantage,” Coghlan concludes. “But that transformation must be secure, and security concerns shouldn’t paralyse progress.”
Find out more at creditorwatch.com.au.
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.
