What will it take for SMEs to get serious about cybersecurity?

LARGE ENTERPRISES such as British Airways and Facebook make headlines when they suffer a cyberattack or get slapped by a multi-million dollar fine.

This doesn’t, however, mean that small and mid-sized enterprises (SMEs) aren’t vulnerable in the digital world. Unfortunately, SMEs continue to fail to protect their networks or even put serious thought into building a cybersecurity strategy and plan.

According to a recent survey, about 66 percent of SMEs don’t believe they’ll fall victim to a cyberattack and naturally, don’t prepare to secure their network, infrastructure, or data.

Further, only nine percent of respondents to the survey said that cybersecurity was the most important aspect of their business when compared to recruitment, marketing, sales, quality of internal tools, and contributing to social good. Nearly one-fifth of the respondents said cybersecurity was the least important.

When asked about the most prominent threat to their business, 21 percent of SMEs told surveyors that cybersecurity ranked last, after the risk of a recession, damage to reputation, and disruption to their business model.

From the looks of it, cybersecurity is something SMEs still tend to take very lightly.

Only about one in ten (12 percent), according to the survey, understand the reality that an attack is very likely, no matter how big or small the company. That number needs to rise quickly.

Vendors, in hopes of growing their business, are making every effort possible to educate SMEs about the need for better cybersecurity measures — especially with smarter solutions that hand-hold IT managers and even business owners in a do-it-yourself fashion to guide them through implementation and maintenance.

However, the gap seems to be too wide and changes are needed now. More thought needs to go into SME cybersecurity.

Regulators are definitely in-the-know as well and are working on finding ways to incentivize businesses to ensure that they’re doing everything they need to in order to secure the business in cyberspace.

In Australia, for example, the Department of Industry, Innovation, and Science, in collaboration with the Council of Registered Ethical Security Testers Australia New Zealand (CREST), have come up with a program to provide a grant of AUD2100 (US$1,420) to support small businesses taking their first-steps in cybersecurity.

However, this might not be enough incentive or encouragement, and regulators might need to get more strict — because poor cybersecurity practices followed by SMEs puts customers at risk and could cause significant damage to the economy.

One way to deal with this is to enforce strict rules around cybersecurity. The Monetary Authority of Singapore (MAS), for example, has recently issued certain notices around Cyber Hygiene affecting businesses operating in the country’s financial services industry.

Some of these businesses, such as broking houses and advisory firms, also qualify as SMEs — and the notice, being legally binding, ensures that business owners and leaders start assessing their cybersecurity needs and making the right investments before there’s a breach.

What Singapore is doing in its financial services industry might be replicated across the country by other agencies and departments, and by other countries. However, the bottom line is, SMEs need to wake up to the reality that they’re vulnerable and need to protect themselves effectively in cyberspace. Now.

---

---

---

---