What Europe’s SMEs need to do for a cyber-secure future

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Alba Perez Grandi, Communications Officer, ENISA & Anna Sarri, Cybersecurity Officer, ENISA & Viktor Paggio, Seconded National Expert, ENISA


  • Small and medium enterprises (SMEs) constitute 99% of businesses in the EU and face diverse cybersecurity challenges including low management awareness and commitment;
  • In a time of heightened threats and remote work, a low-security budget and lack of cyber skills can seriously impact SMEs’ competitiveness;
  • By strengthening resilience across the whole value chain, the EU can take full advantage of digital transformation and the benefits of a digital single market.

Cyberattacks against digital infrastructure are one of the most common of all existing threats to the world. According to the World Economic Forum’s Global Risks Report 2021, cybersecurity failure is perceived as the fourth most likely risk in the short term that will become a critical global threat. https://open.spotify.com/embed/episode/0uqF6UceaRIUZRaQkFnQd5

By 2025, 25 billion digital devices are expected to be connected globally. As new technologies such as 5G and artificial intelligence (AI) arise and slowly infiltrate our daily lives, prevention, cybersecurity awareness and elevated cybersecurity skills are crucial priorities for governments, the private sector and the European Union as a whole.

Short-term risks identified by the Global Risks Report 2021
Short-term risks identified by the Global Risks Report 2021 Image: World Economic Forum

A digital mindset is already visible in our societies; the COVID-19 pandemic has urged us to embrace it, building trust and helping businesses prosper in the growing digital economy. Similar to the roots that secure a tree, a strong cybersecurity framework maintains a healthy and secure online environment, where no one is left behind.

Cybersecurity is a shared mission

The pandemic has taught us that cybersecurity more than ever before is a responsibility by all groups in society. From government to businesses, citizens, schools and academia; from management to employees, we all have a role to play to protect the digital environment.

New digital behaviour for a new digital decade is critical to protect organizations and user data against the growth in malicious attacks such as ransomware or phishing and to safeguard the online environment.

The EU Agency for Cybersecurity (ENISA) strives for open and transparent governance from Athens, its headquarters and the centre of ancient heritage and codes of virtue. One of the agency’s core organizational objectives is to increase the common level of cybersecurity across Europe. Since cybersecurity has no borders, ENISA is here to help promote a culture of cyber hygiene and risk management to help SMEs protect themselves from cyberattacks.

Can European SMEs stimulate the European economy in post-pandemic times?

The European Commission acknowledges the fact that small and medium-sized enterprises (SMEs) are the backbone of the EU’s economy representing 99% of all businesses in the EU and employing around 100 million people. They also account for more than half of Europe’s GDP and play a vital role in adding value to all sectors of the EU economy.

Around 25 million SMEs are active in Europe, forming the world´s largest single market area. The pandemic has put incredible stress on these businesses. SMEs are not only navigating a new digital realm where employees work from home and business is increasingly conducted online, but also where criminals can take advantage. Since the beginning of the pandemic, there has been an increase in social engineering attacks, such as phishing emails and scams related to the COVID-19 crisis. The first months of the health crisis saw a global 667% increase in phishing attacks.

Cybersecurity threats at the beginning of the COVID-19 pandemic
Cybersecurity threats at the beginning of the COVID-19 pandemic Image: Statista

During these challenging times, many SMEs had to continue conducting business and did so by deploying systems quickly in order to continue to serve their customers rather than taking time to increase their security. Adopting cloud services, enabling staff to work remotely and allowing access to file processing made it easier to ensure business continuity.

Further steps to secure the ICT infrastructure and scale the cybersecurity measures of businesses are essential to minimize the risk of cybercriminals compromising critical data and support SMEs’ growth in a post-pandemic world.

What SMEs have learned from cyber incidents

The EU Agency for Cybersecurity conducted interviews with European SMEs to formulate evidence-based, real-life incidents that occurred during the pandemic and draw lessons learnt to overcome them.

The most common cyber incidents identified were ransomware attacks, stolen laptops, phishing attacks and CEO fraud. The latter is a decoy meant to lure a member of staff into acting upon a fraudulent email from their CEO and usually asking for an urgent payment to be made to a supplier in order to meet a project deadline.

Research and real-life experience show that organizations deal with cyber incidents in a much more efficient way than those who fail to plan or lack the capabilities they need to address cyber threats correctly.

ENISA has developed 12 basic cyber tips to secure their business:

1. Develop good cybersecurity culture;

2. Provide appropriate training;

3. Ensure effective third party management;

4. Develop an incident response plan;

5. Secure access to systems;

6. Secure devices;

7. Secure your network;

8. Improve physical security;

9. Secure backups;

10. Engage with the cloud;

11. Secure online sites;

12. Seek and share information. https://www.youtube.com/embed/ymLKVTat-IM?enablejsapi=1&wmode=transparent

The cybersecurity challenges for SMEs

To mark International Small and Medium-Sized Enterprises Day in June, besides the aforementioned basic steps, the EU Agency for Cybersecurity has published a report, Cybersecurity for SMEs, on how to better secure their systems and businesses.

The report analyses the ability of SMEs within the EU to cope with the cybersecurity challenges posed by the pandemic and determines best practices to mitigate those risks.

The main challenges identified during the interviews section of the study include low awareness of the threats posed to business by poor cybersecurity; the costs of implementing cybersecurity measures often combined with a lack of dedicated budget; the availability of ICT cybersecurity specialists; a lack of suitable guidelines aimed at the SME sector; and low levels of support from management.

The common underlying issue appears to be management awareness and commitment, which in turn drives budget, allocation of resources and effective implementation of cybersecurity practices. Cybersecurity is not an issue that should only be discussed by IT teams; it needs to make its way into boardrooms.

Of the 249 European SMEs surveyed more than 85% stated that cybersecurity issues would have serious negative impacts on their business within a week of the issues happening; 57% say they would most likely become bankrupt or go out of business.

Despite this, there is a tendency to believe that cyber incidents only affect larger organizations and are, therefore, still not considered as a major risk to SMEs. It is important for SMEs to be aware of the consequences such incidents will have on their business if they occur. Many believe that cybersecurity controls included in the IT products they have purchased will be sufficient and that no additional security controls are necessary unless mandated by law.

Criticality and sensitivity of processed information as perceived by SMEs
Criticality and sensitivity of processed information as perceived by SMEs Image: ENISA

The agency´s cybersecurity advice towards SMEs focuses on three crucial areas: people, processes and technical recommendations. The aim is to strengthen resilience across the whole value chain through the application of the 12 cybersecurity principles and the report includes suggested actions that the EU Member States should consider in order to support businesses, associations and agencies in improving their cybersecurity posture.

Effective cybersecurity provides SMEs with the confidence that allows them to grow, innovate and find new ways of creating value for their customers in our online and interconnected world. Let’s support these businesses on their journey to better protection against cyber threats.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Top UN rights official urges transparent probe into Khashoggi disappearance

Neither side stands to benefit in US-China trade spat, UN says

Questions and Answers on issues about the digital copyright directive

EP President calls for emergency assistance to migrants stranded on Open Arms boat

Women’s rights face global pushback from conservativism, fundamentalism – UN experts warn

Team Europe: €34 billion disbursed so far to tackle COVID-19 in partner countries

Here’s why China’s trade deal with Mauritius matters

Data marketplaces can transform economies. Here’s how

Eurozone: Even good statistics mean deeper recession

Primary Care: a way to provide Palliative Care in Universal Health Coverage

To solve the climate crisis, we need an investment revolution

Creating shared value: an opportunity and challenge for entrepreneurship

Bulgaria: MEPs call for EU values to be fully and unconditionally respected

JADE President opens JADE Spring Meeting 2014

Being blinded by labels stops social change. Art helps us see a better future

As threats to IoT devices evolve, can security keep up?

Innovation and entrepreneurship can cut waste and deliver the circular economy

EU Budget 2020 conciliation talks suspended

Global immunization is having its annual check-up. What can we learn?

UN cooperation with League of Arab States ‘pivotal’, UN chief tells Security Council

EU Budget 2019 to focus on young people

Three experts on why eradicating plastic pollution will help achieve gender equality

Berlin wants to break South’s politico-economic standing

This is where teachers are most (and least) respected

Understanding the gender gap in the Global South

European Parliament approves new copyright rules for the internet

Chile ups foreign bribery enforcement but flawed case resolutions are insufficient to ensure transparency and accountability

India’s economy is an ‘elephant that is starting to run’, according to the IMF

What will Germany look like after the next election?

Half the world’s population is still offline. Here’s why that matters

As G7 calls time on coal, have you checked your supply chain?

Campaign kicks off with High-level Event on #FairInternships

Could 2021 be a turning point for forests and climate change?

New UN Syria envoy pledges to work ‘impartially and diligently’ towards peace

The sustainable fashion revolution is well underway. These 5 trends prove it

Arrest of three Libyans wanted for grave crimes ‘would send strong and necessary message’ to victims, urges top Prosecutor

Rule of Law mechanism applies without further delay as of 1 January, MEPs stress

Indonesia has a plan to deal with its plastic waste problem

Rise in violent conflict shows prevention ‘more necessary than ever’: UN chief

Yemen: ‘A great first step’ UN declares as aid team accesses grain silo which can feed millions

Using CO2 as an industrial feedstock could change the world. Here’s how

Protecting European consumers: toys and cars on top of the list of dangerous products

MEPs call for the protection of fundamental values in the EU and worldwide

The West and Russia accomplished the dismembering and the economic destruction of Ukraine

WHO chief underscores need to address climate change following visit to Bahamas

After the George Floyd protests, what next for racial justice in the US?

80,000 youngsters at risk in DRC after forcible expulsion from Angola: UNICEF

Don’t take African generosity towards refugees for granted, says UN refugee chief

Humanitarian action: New outlook for EU’s global aid delivery challenged by COVID-19

Food choices today, impact health of both ‘people and planet’ tomorrow

From DIY editing to matchmaking by DNA: how human genomics is changing society

How global tech can drive local healthcare innovation in China

Here’s why the tech sector could be the next target for Chinese investment in Africa

Is South Korea set to lose from its FTA with the EU?

Artificial Intelligence raises ethical, policy challenges – UN expert

The future of manufacturing is smart, secure and stable

European Semester Autumn Package: Bolstering inclusive and sustainable growth

Can the world take the risk of a new financial armageddon so that IMF doesn’t lose face towards Tsipras?

GSMA Mobile 360 – Africa: Rise of the Digital Citizen, Kigali 16 – 18 July 2019, in association with The European Sting

Universal Health Coverage will ‘drive progress’ on 2030 Development Agenda

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: