Are SMEs ready for the growing cyber-threat?
SIDN Panel responds to recent research
The number of cyberattacks on SMEs is rising. Not just in the Netherlands, but worldwide, as highlighted by the Global State of SMB Cybersecurity Study 2019. The study was based on a survey of 850 professionals in five different countries, most of whom thought higher investment in cybersecurity would be needed in the year ahead. Hot on the heels of that publication came a report by BDO Advisory, highlighting the vulnerabilities of SMEs. BDO's scan of 300,000 websites detected weaknesses in more than half.
So, are businesspeople aware of the threats and do they know what to do if they come under attack? For answers, we turned to the SIDN Panel: several dozen entrepreneurs, all with an active internet presence. What are they doing to defend against cybercrime? Of the twenty businesspeople on the panel, nineteen said that they had recently taken steps to stay safer on line. And six reported actually coming under cyberattack in the last year.
Business community knows how to respond
Businesspeople do think about security. That much is clear from the way our panellists responded when asked what they would do in a variety of cybercrime scenarios. They didn't have to think long before answering, and most said they had off-network backups, enabling them to quickly isolate infected machines and networks. Those who had recently suffered attacks were particularly well versed on response strategies, and were quite willing to take drastic action.
Cyberattacks are an everyday challenge
Notably, the panellists were quite open about the risks, saying that they were happy to talk about hacks that were potentially visible to the outside world (hacked sites and social media-accounts). Informing customers and business partners was seen as the priority. What's more, panel members said that they would be reluctant to end their business relationship with a firm that had come under attack. Anyone could fall victim to cybercrime, they felt.
Most SMEs don't have a regular cybersecurity service provider
Few smaller businesses have a cybersecurity specialist on the payroll, or a regular outside service provider. Suitable people are hard to find, and in great demand. Only two members of our twenty-strong business panel reported having a regular cybersecurity service provider. Almost all said that they would look for one if they hit a problem they couldn't resolve themselves. Whether they could actually find someone if the need arose is another question.
New services under development
Cybersecurity services for SMEs are still in their infancy. That's why we have been investing in the development of CyberSterk, a cybersecurity solution for SMEs.