A groundbreaking research paper titled "Building Resilient SMEs: Harnessing Large Language Models for Cybersecurity in Australia" by Benjamin Kereopa-Yorke has revealed promising ways artificial intelligence could help small businesses combat rising cyber threats.
The comprehensive study evaluates how Australian SMEs can leverage large language models (LLMs) such as OpenAI's GPT and Google's PaLM to bolster their cyber security capabilities, addressing a critical vulnerability in Australia's business landscape.
According to the research published on arXiv, LLMs can assist SMEs in several key areas including generating security policies, automating incident reports, providing real-time threat analysis, and supporting security awareness training through chat-based learning interfaces.
The timing of this research is significant, with the Australian Cyber Security Centre (ACSC) reporting that 43% of cybercrime victims are small businesses, with the average cost per incident exceeding $39,000 for SMEs. Australian small businesses, which make up over 97% of all businesses in the country, often lack dedicated cyber security teams and rely on outsourced or ad hoc IT services.
Using a mixed-methods approach including surveys, interviews, and GPT-3 performance trials, the study found that LLMs produced useful outputs for drafting data protection policies, creating breach response templates, and rewriting complex legal clauses in simpler language.
However, the research also identified important limitations. LLMs scored high in relevance and clarity but lower in completeness and accuracy—particularly when referencing specific Australian laws or regulations.
The findings suggest that while LLMs offer valuable assistance, they should not replace human security experts. The research points toward a "human-in-the-loop" model where AI drafts content but human experts verify and refine the outputs.
The paper comes as several complementary initiatives emerge across Australia. A CSIRO-led research project aims to predict organisational cybersecurity risks using AI and LLMs.
For small businesses wanting to implement the Essential 8 framework—mitigation strategies recommended by the ACSC—LLMs could provide valuable assistance in understanding and documenting these controls.
The landscape suggests that rather than replacing cyber security firms and consultants, these AI tools could enhance their service offerings by handling routine documentation while human experts focus on complex security challenges.
The research outlines practical benefits for SMEs, including automated policy creation aligned with standards like ISO 27001, summarised threat intelligence, compliance support referencing Australian regulations, and generation of training content tailored for SME staff.
For SMEs considering adopting these technologies, the research recommends using LLMs as drafting assistants rather than decision-makers, avoiding sharing sensitive data with free tools, verifying outputs with cybersecurity experts, and starting with manageable projects like generating awareness materials.
The research concludes by emphasising the need for localised models trained on Australian law, frameworks guiding ethical use of LLMs in business, and ongoing collaboration between researchers, cyber security companies, and SME leaders.
Need help with your own Cybersecurity? Contact Winbasic today!
