Cybersecurity and SMEs is a hot topic that has found several difficulties to have a happy ending. Among other issues, some of the more critical ones are the lack of expertise of the SMEs in cybersecurity solutions and functionality, the budget issues, and how to integrate any solution in their day-to-day life. Aiming to fulfil these gaps, the SMESEC project works in an approach that facilitates the adoption of cybersecurity by SMEs in an easy-accessible and budget-friendly way.
SMEs are one of the more important aspects of business in Europe. The European Commission, due to this importance, has defined SMEs with two different ranges: either the size (less than 250 employees) or turnover/balance sheet. Due to this classification, SMEs represent 99% of all businesses in the European Union, with more than 25M organizations in 2018 [1]. They work in very different areas, ranging from support to public administrations to energy distribution or development of cybersecurity solutions.
Regarding the digital transformation and its relation with SMEs, they are the ones that have the most to gain with it. It allows them to level, from the technological point of view, to be in the same playing field as larger organizations. For example, adopting cloud technologies allows them to offer the services online, so they can reach an even bigger number of customers. Another benefit is that once they start adopting digital services, they usually continue with more. When they learn how useful it is for their day-to-day life and the impact in business, they tend to continue exploring more technologies. Finally, digitalization means better communication and work tools, new approaches for old businesses, and improved ways to communicate with customers and employees. All of this has an impact on the business (profitability and competitive), organization and communication (updated and clearer processes and distributed decisions), and the growth of the company (attracting new talent and opening new frontiers).
Even though all of these benefits, the primary goal of SMEs is not to go digital. One could wonder why if it brings so many perks and profit, they are so reluctant to adopt it. The answer is the view they have of this paradigm: digital services are expensive (more oriented to medium-large enterprises), digitalization requires experts (and expertise), and, finally, cybersecurity.
Cyberattacks are one of the main issues for SMEs...and they are the main target of malicious attackers. In 2019, 43% of the cyberattacks targeted small businesses [2]. The attacks detected were of very different natures: hacking (52%), social attacks (33%), malware (28%), etc. This shows how it is not necessary to have only technical solutions updated and ready in the organization but also have your employees aware and mindful about cybersecurity. As why are they the main target it is easy to understand: they have more resources that could provide benefit to attackers than a person and has way less protection than a large organization. So, if you have a digital presence, you are a target. Maybe not today, but tomorrow.