The topic of cyber security is still underestimated by many small and medium enterprises (SMEs), according to a study. In particular, there has been little progress in implementing measures to protect against hacking attacks.
This is the conclusion of a survey conducted by the market and social research institute gfs. The main finding: Swiss SMEs still see cyber security as a low priority and that long-term protective measures are implemented only hesitantly. “There is therefore hardly any progress in the fight against cybercrime,” said Simon Seebeck, head of the Cyber Risk Competence Center at the insurance company Mobiliar, at a media conference on Tuesday.
A total of 502 business leaders of SMEs were surveyed on the impact of digitalisation and cybersecurity. The survey was commissioned by digitalswitzerland, the insurance company Mobiliar, the University of Applied Sciences Northwestern Switzerland FHNW, the Swiss Academy of Engineering Sciences and the Alliance Digital Security Switzerland.
Some companies describe themselves as “digital pioneers” and are further ahead than the average in the technical and organisational implementation of security measures in the IT sector. However, such companies are becoming increasingly rare.
Specifically, about one-fifth of the SMEs surveyed had considered themselves “pioneers” in each of the previous years. In this year's survey, it was only about one tenth.
“In general, it's not just about the technical implementation of security measures,” Seebeck noted. Especially since this is usually outsourced to external IT service providers. Above all, organisational measures - such as raising employee awareness or data backup - must be taken seriously and addressed accordingly.
Large companies targeted
When asked about actual incidents, however, only around 11% of SME CEOs said they had already fallen victim to cyber criminals. A good half of those attacked had suffered financial damage.
Overall, SMEs are probably also less frequently affected by cyberattacks than large companies. According to a survey published about two weeks ago by the consulting firm Deloitte, 45% of companies with more than 250 employees have been the victim of an attack at least once. Among the SMEs surveyed, the number of companies that experienced a “serious attack” was significantly lower at 18%.