Research reveals challenges and opportunities around cybersecurity in Dutch SME sector
There are significant concerns among SMEs about cyber threats and their impact on their organisation, according to research by Censuswide. Among managers in SMEs, 39% say that some form of security breach could be fatal to their brand. Reputational damage (37%) and a drop in revenue (34%) are also consequences to be avoided at all costs. A third are even more worried now than they were a year ago, and those worries are justified as it turns out, as those surveyed have worryingly experienced some form of security breach.
The survey, which Sharp commissioned from independent research firm Censuswide, found that the cyber threats faced by SMB organisations were mainly computer viruses (29%), phishing (35%), malware (29%), data loss (31%), password attacks (31%) and cloud security problems (26%).
IT investments miss intended target
Companies are investing heavily in IT. 42% of SME organisations even increased their IT investments - despite inflation - by 2023, yet more than two-thirds still feel inadequately prepared to address security risks. And that number is presumably still on the low side as security concerns still lag behind actual incidents. For example, 35% say they have experienced phishing in the past, while only 15% worry about having to deal with it in the future. The question then becomes whether there really will be so many fewer cases of phishing because companies are investing in IT, or whether perhaps SME managers are underestimating the problem and should be more concerned.
Peter Hoorn, Managing Director at Sharp Benelux: "We see, for example, that only 33% of SME managers use multi-factor authentication, something that is, among other things, essential for the basis of good data security. We therefore think that after IT investments, companies think they are more secure than they probably are. Companies do invest in IT, but they do not always know what is a priority. Essential elements are then missing, for example, or do not work well together. Moreover, the nature of threats is constantly changing and becoming more extensive and complex. Identifying and tackling threats day in and day out is already quite a task for an experienced IT expert, but if you consider that SMEs often have no IT knowledge or capacity in-house at all, you can imagine that it is extra overwhelming for organisations to put and keep their security in order."
More awareness in SMEs for cybersecurity
With the results from the survey, Sharp hopes to put the topic on the map and create awareness among SMEs about their cybersecurity. This is not so much about the value of investment - SME organisations seem to be aware of that - but about the importance of making the right investments.
Companies within the SME sector still have too little insight into which software and hardware they really need as an organisation. Horn: "Knowledge, expertise and advice play a crucial role here to create a truly secure IT environment within organisations. In the absence of these elements, companies may mistakenly believe themselves to be secure or not know what they can do to change the situation. This is an easily overcome problem, and we want to make organisations aware of it."