Federal Parliament Launches First Inquiry Into SME Cyber Security Risks

The Select Committee on Cyber Security for Small to Medium Sized Businesses has commenced inquiry into corporate digital defenses and supply chain vulnerabilities.

Federal Parliament Launches First Inquiry Into SME Cyber Security Risks
Committee Chairperson, Member of Parliament Sally Sitou.

Canberra, Australia — The Select Committee on Cyber Security for Small to Medium Sized Businesses and Organisations has officially commenced a parliamentary inquiry into the digital risk profiles and operational preparedness of Australia’s independent corporate sector.

The high-level probe, commissioned by the House of Representatives, represents the first specialised federal investigation explicitly mandated to scrutinise the escalating digital threats confronting small-to-medium enterprises (SMEs) and non-profit organisations.

It comes amidst mounting regional intelligence warning that minor commercial entities are increasingly targeted as soft insertion points into critical state and corporate supply chains.

The inquiry broadly evaluates the systemic cyber maturity of the nation's commercial base, with particular focus on entities maintaining fewer than 200 personnel.

Committee planners are expected to audit the systemic adequacy, technical appropriateness and practical accessibility of defensive frameworks currently distributed by statutory agencies, while assessing whether mandatory cyber security standards should be codified for the sector.

Committee Chairperson, Member of Parliament Sally Sitou, stressed that minor commercial operations have been left dangerously exposed to professional syndicates due to acute structural resource constraints.

“Small businesses are on the frontline of cyber risk but too often they’re expected to defend themselves without the time, tools or resources they need,” Sitou said.

“This is the first federal inquiry to take a close look at the cyber security challenges facing small and medium-sized businesses.

"We want to work directly with them to understand the threats they’re up against and how we can better protect them," she said.

Crucially, the terms of reference will investigate the structural barriers inhibiting smaller operations from securely procuring private digital protection services.

Investigators will also analyse how deflated operational security capacities restrict local enterprises from bidding on competitive government contracts and large-scale corporate procurement panels.

Employee literacy programs will further be assessed to quantify the stabilising effects of routine industry training.

The Select Committee has issued a formal call for comprehensive written submissions from technical sector specialists, legal analysts, and business proprietors.

The deadline for formal evidentiary lodgments has been set for 28 August 2026, ahead of scheduled public cross-examinations.