Cybersecurity: why are SMEs more vulnerable?

A 2016 study by Verizon found that 60% of companies that are victims of cyberattacks are SMEs. And in France, 60% of SMEs who were targeted by cybercriminals were forced to file for bankruptcy in the same year, according to the CCI. Small- and medium-sized businesses are no less at risk than their larger counterparts. On the contrary, their vulnerability often makes them prize targets. Let’s see why.

1. Shortcomings in the company’s cybersecurity strategy

Businesses with under 50 employees don’t go unnoticed by hackers and fraudsters. In 2019, the CPME noted that 40% of France’s SMEs had been a victim of at least one cyberattack. And even though 3/4 of them claim to educate their staff on cybersecurity (but only 44% on an annual basis), less than 4 out of 10 have appointed a cybersecurity official. The same number, i.e. less than half, have installed cybersecurity software that includes an antivirus, firewall and anti-spam. Can we blame them? “SMEs with under 50 employees rarely have a dedicated IT department”, highlights Régis Rocroy, founder of Ozon. “All it takes is one person to disable the software on their computer, or to not perform security updates because they have work to do, and the company’s entire system is left defenceless.”

Antivirus and anti-spam software used by SMEs rarely covers all forms of attack

2. Inadequate protection

Phishing, malware and ransomware are the three most popular types of cyberattacks against SMEs according to the CPME. These methods are the most profitable for cybercriminals since they allow them to steal bank data or demand a ransom without the hassle of exploiting website vulnerabilities. And they work because SME’s are much less equipped to tackle such attacks than larger businesses. Their antivirus and anti-spam software rarely covers all forms of attack — and that’s if they are actually set up correctly to begin with. “Proper cybersecurity not only requires technology, but also expertise and best practices”, explains Régis Rocroy. “The market’s solutions are often too fragmented, and SMEs don’t have the resources to deal with cyber threats in house, since keeping up with the cyberthreat landscape needs ongoing investment.”

3. Immediate economic repercussions

The other main difference between SMEs and larger businesses in terms of cybersecurity vulnerability is their ability to recover. While a major company’s size and financial backing will ensure it is capable of offsetting any financial losses, the same cannot be said for an SME. The IT downtime will put added pressure on the treasury and increase the risk of bankruptcy, especially in times of economic uncertainty. A cyberattack is often the final straw that brings a struggling company to its knees. Only 17% of businesses with under 50 employees were insured against cyberattacks in 2019 according to the CPME. “Our cybersecurity solution for SMEs includes cyber insurance with Swiss Re” adds the Ozon founder. “In particular, it covers cyber incident management, including revenue loss.”

An SME concerned about safeguarding its data should choose a European-based environment

4. The risks of sovereignty

Cyberthreats can come in all shapes and sizes. This includes state espionage, which is not only a risk for public authorities or major businesses. Any data stored by SMEs using American services, such as those offered by GAFAM, is subject to the Patriot Act and the Cloud Act. These laws authorise the American government to access companies’ personal data, even if the server is located outside the USA! Incidentally, Huawei and Kaspersky are also frequently accused of spying on behalf of China and Russia. An SME concerned about safeguarding its data should choose a European-based environment that is subject to the GDPR. Ozon’s cybersecurity solution is tailored to SMEs and uses European technology from F-Secure (Finnish antivirus) and Vade Secure (French anti-spam). It offers comprehensive protection against cyberthreats through automatic cyber risk management that is updated in real time. Test your company’s vulnerability now with the SME CyberCheck!