What Europe’s SMEs need to do for a cyber-secure future

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Alba Perez Grandi, Communications Officer, ENISA & Anna Sarri, Cybersecurity Officer, ENISA & Viktor Paggio, Seconded National Expert, ENISA


  • Small and medium enterprises (SMEs) constitute 99% of businesses in the EU and face diverse cybersecurity challenges including low management awareness and commitment;
  • In a time of heightened threats and remote work, a low-security budget and lack of cyber skills can seriously impact SMEs’ competitiveness;
  • By strengthening resilience across the whole value chain, the EU can take full advantage of digital transformation and the benefits of a digital single market.

Cyberattacks against digital infrastructure are one of the most common of all existing threats to the world. According to the World Economic Forum’s Global Risks Report 2021, cybersecurity failure is perceived as the fourth most likely risk in the short term that will become a critical global threat. https://open.spotify.com/embed/episode/0uqF6UceaRIUZRaQkFnQd5

By 2025, 25 billion digital devices are expected to be connected globally. As new technologies such as 5G and artificial intelligence (AI) arise and slowly infiltrate our daily lives, prevention, cybersecurity awareness and elevated cybersecurity skills are crucial priorities for governments, the private sector and the European Union as a whole.

Short-term risks identified by the Global Risks Report 2021
Short-term risks identified by the Global Risks Report 2021 Image: World Economic Forum

A digital mindset is already visible in our societies; the COVID-19 pandemic has urged us to embrace it, building trust and helping businesses prosper in the growing digital economy. Similar to the roots that secure a tree, a strong cybersecurity framework maintains a healthy and secure online environment, where no one is left behind.

Cybersecurity is a shared mission

The pandemic has taught us that cybersecurity more than ever before is a responsibility by all groups in society. From government to businesses, citizens, schools and academia; from management to employees, we all have a role to play to protect the digital environment.

New digital behaviour for a new digital decade is critical to protect organizations and user data against the growth in malicious attacks such as ransomware or phishing and to safeguard the online environment.

The EU Agency for Cybersecurity (ENISA) strives for open and transparent governance from Athens, its headquarters and the centre of ancient heritage and codes of virtue. One of the agency’s core organizational objectives is to increase the common level of cybersecurity across Europe. Since cybersecurity has no borders, ENISA is here to help promote a culture of cyber hygiene and risk management to help SMEs protect themselves from cyberattacks.

Can European SMEs stimulate the European economy in post-pandemic times?

The European Commission acknowledges the fact that small and medium-sized enterprises (SMEs) are the backbone of the EU’s economy representing 99% of all businesses in the EU and employing around 100 million people. They also account for more than half of Europe’s GDP and play a vital role in adding value to all sectors of the EU economy.

Around 25 million SMEs are active in Europe, forming the world´s largest single market area. The pandemic has put incredible stress on these businesses. SMEs are not only navigating a new digital realm where employees work from home and business is increasingly conducted online, but also where criminals can take advantage. Since the beginning of the pandemic, there has been an increase in social engineering attacks, such as phishing emails and scams related to the COVID-19 crisis. The first months of the health crisis saw a global 667% increase in phishing attacks.

Cybersecurity threats at the beginning of the COVID-19 pandemic
Cybersecurity threats at the beginning of the COVID-19 pandemic Image: Statista

During these challenging times, many SMEs had to continue conducting business and did so by deploying systems quickly in order to continue to serve their customers rather than taking time to increase their security. Adopting cloud services, enabling staff to work remotely and allowing access to file processing made it easier to ensure business continuity.

Further steps to secure the ICT infrastructure and scale the cybersecurity measures of businesses are essential to minimize the risk of cybercriminals compromising critical data and support SMEs’ growth in a post-pandemic world.

What SMEs have learned from cyber incidents

The EU Agency for Cybersecurity conducted interviews with European SMEs to formulate evidence-based, real-life incidents that occurred during the pandemic and draw lessons learnt to overcome them.

The most common cyber incidents identified were ransomware attacks, stolen laptops, phishing attacks and CEO fraud. The latter is a decoy meant to lure a member of staff into acting upon a fraudulent email from their CEO and usually asking for an urgent payment to be made to a supplier in order to meet a project deadline.

Research and real-life experience show that organizations deal with cyber incidents in a much more efficient way than those who fail to plan or lack the capabilities they need to address cyber threats correctly.

ENISA has developed 12 basic cyber tips to secure their business:

1. Develop good cybersecurity culture;

2. Provide appropriate training;

3. Ensure effective third party management;

4. Develop an incident response plan;

5. Secure access to systems;

6. Secure devices;

7. Secure your network;

8. Improve physical security;

9. Secure backups;

10. Engage with the cloud;

11. Secure online sites;

12. Seek and share information. https://www.youtube.com/embed/ymLKVTat-IM?enablejsapi=1&wmode=transparent

The cybersecurity challenges for SMEs

To mark International Small and Medium-Sized Enterprises Day in June, besides the aforementioned basic steps, the EU Agency for Cybersecurity has published a report, Cybersecurity for SMEs, on how to better secure their systems and businesses.

The report analyses the ability of SMEs within the EU to cope with the cybersecurity challenges posed by the pandemic and determines best practices to mitigate those risks.

The main challenges identified during the interviews section of the study include low awareness of the threats posed to business by poor cybersecurity; the costs of implementing cybersecurity measures often combined with a lack of dedicated budget; the availability of ICT cybersecurity specialists; a lack of suitable guidelines aimed at the SME sector; and low levels of support from management.

The common underlying issue appears to be management awareness and commitment, which in turn drives budget, allocation of resources and effective implementation of cybersecurity practices. Cybersecurity is not an issue that should only be discussed by IT teams; it needs to make its way into boardrooms.

Of the 249 European SMEs surveyed more than 85% stated that cybersecurity issues would have serious negative impacts on their business within a week of the issues happening; 57% say they would most likely become bankrupt or go out of business.

Despite this, there is a tendency to believe that cyber incidents only affect larger organizations and are, therefore, still not considered as a major risk to SMEs. It is important for SMEs to be aware of the consequences such incidents will have on their business if they occur. Many believe that cybersecurity controls included in the IT products they have purchased will be sufficient and that no additional security controls are necessary unless mandated by law.

Criticality and sensitivity of processed information as perceived by SMEs
Criticality and sensitivity of processed information as perceived by SMEs Image: ENISA

The agency´s cybersecurity advice towards SMEs focuses on three crucial areas: people, processes and technical recommendations. The aim is to strengthen resilience across the whole value chain through the application of the 12 cybersecurity principles and the report includes suggested actions that the EU Member States should consider in order to support businesses, associations and agencies in improving their cybersecurity posture.

Effective cybersecurity provides SMEs with the confidence that allows them to grow, innovate and find new ways of creating value for their customers in our online and interconnected world. Let’s support these businesses on their journey to better protection against cyber threats.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Here’s how to achieve growth in the Middle East and North Africa

UN Security Council condemns Taliban offensive as a blow against ‘sustainable peace’

Facebook and Google to treat Europe as the 51st State of the USA

European Solidarity Corps 2021-2027: First call for proposals to support youth volunteering activities

How music can help children with autism connect

To Bing or Not to Bing? That is the question

Gender equality: an issue much talked about but less acted upon

Terrorism and migrants: the two awful nightmares for Europe and Germany in 2016

Portugal can use its economic recovery to build up resilience

Pharmaceuticals spend millions to push TTIP while consumer groups spend peanuts

The EU Parliament slams Commission on economic governance

An economist explains the pros and cons of globalization

Protecting the front line: the healthcare of health professionals

State aid: Commission approves French scheme deferring payment by airlines of certain taxes to mitigate economic impact of coronavirus outbreak

Low productivity jobs continue to drive employment growth

“Fortress Europe”, “Pegida” and its laughing stocks

New challenge: Not going through “burnout” in times of quarantine

Mental and comportamental health in the pandemic context

An Easter Special: Social protection of migrants in Europe as seen through the eyes of European youth

Pharmaceuticals conceal drug side effects with the EU’s Court blessing

European Citizens’ Initiative: Commission registers ‘Mandatory food labelling Non-Vegetarian / Vegetarian / Vegan’ initiative’

Greenery: the miracle cure for urban living

Italy should boost investment in training for the future of work

Sustainable Finance: Commission welcomes the adoption by the European Parliament of the Taxonomy Regulation

Macro-Financial Assistance: Europe’s way to control Ukraine?

Companies can help build a more inclusive world. Here’s how

Joris in Indonesia

5 steps businesses can take to protect air quality after COVID-19

5 charts that show renewable energy’s latest milestone

Devastating storms like Hurricane Florence ‘unusual this far north’: UN weather agency

Inflammation is the fuel that feeds the cancer flame. So how do we fight back?

Digital democracy: a Swiss view on digital trust

Four in five adolescents failing to exercise for even 60 minutes a day, UN health agency warns

Gaza: deadly violence continues to escalate, top UN officials work to restore calm

This is Germany’s $45 billion, 18-year plan to move away from coal

‘Time is of the essence’ for refugees on Greek islands – UN agency

Huawei answers allegations about its selling prices

Break taboo around menstruation, act to end ‘disempowering’ discrimination, say UN experts

Can the whole world live in peace?

From Russia with love: Brussels and Moscow close to an agreement on Ukraine’s gas supplies

Innovations for Content Professionals at the DCX exhibition 2018 in Berlin, in association with The European Sting

EU prolongs economic sanctions on Russia by six months

Business is a crucial partner in solving the mental health challenge

UN chief welcomes event reuniting families on the Korean Peninsula

Rule of Law: Commission launches infringement procedure to protect the independence of the Polish Supreme Court

Auditors say EU spending delivers limited value for money but the timing of their report poses questions

Ebola Outbreak in Democratic Republic Congo is ‘largely contained’: WHO

Mergers: Commission refers acquisition of newly created joint venture by Telefónica and Liberty Global to the UK competition authority

Brexit: visa-free access to the EU for UK nationals and to the UK for Europeans

Statement following the European Medicines Agency review of the COVID-19 vaccine AstraZeneca

“Decisions taken in the coming weeks will shape Europe’s experience of the internet”, Joe Mcnamee from EDRi says live from European Business Summit 2015

We must rethink and repurpose cybersecurity for the COVID-19 era

Free and secure access needed in DR Congo conflict zone to tackle Ebola – WHO

Here’s what keeps CEOs awake at night (and why it might be bad news for your next job)

President Ursula von der Leyen welcomes the first official submission of a recovery and resilience plan by Portugal

THE COMMITTEES: ‘All roads lead to the Fifth’

EU summit: step up work for recovery, and update migration and asylum system

The Bavarians threaten Berlin and Brussels with immigration crisis

EU lawmakers vote to reintroduce visas for Americans over “reciprocity principle”

EU helps tackle air pollution in Kosovo with €76.4 million

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s