Invoice fraud occurs when a business is tricked into paying money to a fraudulent account, often through altered or fake invoices.
Invoice fraud is one of those risks that many Australian small businesses only think about after money has already left the account.
It usually does not start with anything dramatic. A familiar supplier. A normal email. A payment request that looks right at first glance. By the time the mistake is spotted, the funds are often gone, and recovery can be difficult.
For Australian small and medium enterprises (SMEs), this type of cybercrime is now becoming a regular issue rather than a rare one.
Invoice fraud often sits under the broader category of cybercrime and social engineering. The goal is simple: to trick someone into sending money to the wrong place.
Common scenarios seen across Australian businesses include:
These incidents appear across many different industries. Construction, manufacturing, professional services, healthcare, education and retail are all exposed because payments are often frequent and time-sensitive.
The Australian Signals Directorate notes that cybercriminals increasingly target small businesses as larger organisations strengthen their defences, making SMEs a more accessible entry point into financial systems.
Invoice fraud works because it blends into normal business activity. Invoices are paid every day, staff are busy, and payment details change occasionally. When a request looks familiar, it often does not raise alarms.
Technology also plays a significant role in enabling invoice fraud. Many SMEs rely on cloud accounting software, email-based approvals and online banking. These tools improve efficiency, but they can also create gaps if controls are limited or verification steps are skipped.
One-third of Australian small businesses report being ‘unaware or inactive’ in their approach to cybersecurity, according to 2025 research completed by Cyber Wardens [1]. This lack of preparedness makes it easier for invoice fraud to slip through unnoticed.
Source: ACCC, https://www.accc.gov.au/media-release/beware-of-fake-invoices-from-scammers-impersonating-businesses [Accessed 05/02/2026]
The financial consequences of invoice fraud can be significant for SMEs, particularly when cash flow is a focus.
The Australian Signals Directorate reports that the average cost of a cyberattack is $56,600 for small businesses and $97,200 for medium businesses in Australia. These figures include direct financial loss, disruption to operations and recovery costs.
For many SMEs, a single fraudulent payment can disrupt supplier relationships, delay projects and place pressure on working capital.
Australia is home to more than two and a half million small businesses, according to the Australian Small Business and Family Enterprise Ombudsman. That scale means even low-value fraud, when repeated across the economy, becomes a serious issue.
Cyber insurance is not a replacement for good cyber controls, but it can form part of a broader risk management approach. Cyber insurance isn’t just for Fortune 500 or ASX50 companies. It can be flexibly designed and priced to fit small businesses, giving lean teams practical protection that complements their security efforts.
For invoice fraud incidents, cyber insurance may respond to certain cybercrime events, including social engineering and payment redirection scams, depending on the policy terms and conditions.
Cover can also extend to support services following a cyber incident, such as:
It is important to note that not every loss is automatically covered. Policy wording, triggers and exclusions matter, which is why understanding how invoice fraud fits within cyber risk is essential.
Most invoice fraud incidents rely on small gaps rather than system failures.
Practical steps that many SMEs consider include:
These steps help reduce exposure, but they do not remove risk entirely. Cybercriminal tactics continue to evolve, particularly as artificial intelligence is increasingly used to mimic legitimate communication.
Invoice fraud is not limited to large transactions or complex systems. It affects everyday business activity.
As cybercrime continues to target SMEs, invoice fraud remains one of the more common and financially damaging outcomes. Understanding how it happens, why it works and how cyber insurance may assist helps businesses make informed decisions about their risk approach.
Invoice fraud occurs when a business is tricked into paying money to a fraudulent account, often through altered or fake invoices.
Yes. Invoice fraud commonly falls under cybercrime and social engineering activity involving email or system compromise.
Yes. Australian government cyber reporting shows SMEs are frequently targeted due to fewer security resources. 2024 data from the latest Cyber Wardens Small Business Cyber Security Pulse Check Report found that 4 in 5 (82%) Australian small businesses have been exposed to or experienced a cyber incident [2].
Any industry that uses email as part of its payment processes can be susceptible to invoice fraud. Industries with especially frequent supplier payments, such as construction, professional services and healthcare, are more commonly exposed.
Some cyber policies may respond to social engineering or invoice fraud events, subject to policy terms and conditions.
No. Cyber insurance supports recovery but does not replace strong internal controls.
Often, through compromised email accounts or intercepted communication with suppliers.
No. Many fraudulent invoices closely match legitimate payment requests.
Immediate action, including contacting the bank and seeking specialist support, is critical.
They can be if access controls and verification steps are limited.
Australian government data shows cyber incidents affecting SMEs are frequent and costly. In 2024, Australian small businesses reported losing $4 million to ‘business email compromise’ scams, according to Scamwatch [3].
Information is available on Marsh’s cyber insurance page for Australian businesses.
[1] Cyber Wardens, “an initiative through the Council of Small Business Organisations of Australia”, https://cyberwardens.com.au/research-report/small-business-cyber-security-pulse-check-report, accessed 5 February 2026.
[2] National Anti-Scam Centre, “Targeting scams report 2024”, https://www.scamwatch.gov.au/system/files/targeting-scams-report-2024.pdf, accessed 5 February 2026.
[3] Cyber Wardens, “Small Business Cyber Security Pulse Check Report”, https://cyberwardens.com.au/research-report/small-business-cyber-security-pulse-check-report, accessed 5 February 2026.