1. Shortcomings in the company’s cybersecurity strategy
Businesses with under 50 employees don’t go unnoticed by hackers and fraudsters. In 2019, the CPME noted that 40% of France’s SMEs had been a victim of at least one cyberattack. And even though 3/4 of them claim to educate their staff on cybersecurity (but only 44% on an annual basis), less than 4 out of 10 have appointed a cybersecurity official. The same number, i.e. less than half, have installed cybersecurity software that includes an antivirus, firewall and anti-spam. Can we blame them? “SMEs with under 50 employees rarely have a dedicated IT department”, highlights Régis Rocroy, founder of Ozon. “All it takes is one person to disable the software on their computer, or to not perform security updates because they have work to do, and the company’s entire system is left defenceless.”Antivirus and anti-spam software used by SMEs rarely covers all forms of attack
2. Inadequate protection
Phishing, malware and ransomware are the three most popular types of cyberattacks against SMEs according to the CPME. These methods are the most profitable for cybercriminals since they allow them to steal bank data or demand a ransom without the hassle of exploiting website vulnerabilities. And they work because SME’s are much less equipped to tackle such attacks than larger businesses. Their antivirus and anti-spam software rarely covers all forms of attack — and that’s if they are actually set up correctly to begin with. “Proper cybersecurity not only requires technology, but also expertise and best practices”, explains Régis Rocroy. “The market’s solutions are often too fragmented, and SMEs don’t have the resources to deal with cyber threats in house, since keeping up with the cyberthreat landscape needs ongoing investment.”3. Immediate economic repercussions
The other main difference between SMEs and larger businesses in terms of cybersecurity vulnerability is their ability to recover. While a major company’s size and financial backing will ensure it is capable of offsetting any financial losses, the same cannot be said for an SME. The IT downtime will put added pressure on the treasury and increase the risk of bankruptcy, especially in times of economic uncertainty. A cyberattack is often the final straw that brings a struggling company to its knees. Only 17% of businesses with under 50 employees were insured against cyberattacks in 2019 according to the CPME. “Our cybersecurity solution for SMEs includes cyber insurance with Swiss Re” adds the Ozon founder. “In particular, it covers cyber incident management, including revenue loss.”An SME concerned about safeguarding its data should choose a European-based environment