Small and medium-sized businesses least prepared in cybersecurity are targets for cyberattacks

The cyber security It remains one of the main duties of Small and medium-sized companies. only he 2% of SMEs in Spain are considered “internet experts”, according to Hiscox Insurance’s Electronic Readiness Report. This term refers to companies that have a demonstrated level of maturity regarding the implementation of cybersecurity measures, tools, and protocols.

The data presented by the study suggests that companies committed to improving their levels of readiness in this area are also less offensive. specific, The least mature cybersecurity SMEs received an average of 28 cyber attacks in 2021, compared to 3 attacks by the most prepared companies. In other words, “cyber novices” received nine times more cyber attacks than “internet experts”.

Small and medium businesses “online beginners”, as the study describes them, do not have the ability to respond quickly and effectively to a cyber incident in order to ensure business resilience.

In this sense, the report indicates that 34% of Spanish SMEs are immature, and 64% are medium.

To determine this degree of maturity in terms of cybersecurity, the study analyzes the response of SMEs in terms of processes, technology, and people. It takes into account resilience, password and encryption policies, identities and access, trust, security and information events, as well as threats and vulnerabilities.

Consequences of the immaturity of SMEs in cybersecurity: a loss of trust

The consequences of experiencing a cyber attack are well known to those who have experienced it. In the case of SMEs, like any other company or entity, costs are measured not only in economic terms, but also in reputation, image and even legal.

Beyond that, the study suggests that One in four small and medium-sized “cybernewbies” have lost customers as a result of a cyber attack. Something that does not happen in the case of companies that show a higher degree of preparedness.

This immaturity also affects recovery after a security incident since then 17% took more than three months to return to a full normal state.

It won’t happen to me

It is one of the most pervasive myths in cybersecurity, and in the case of SMEs even more so. Who would attack me if I wasn’t one?

Wrong approach, far from reality, because SMEs in fact They have become a target for cybercriminals.

But this trend is also shown in the Hiscox report, which reveals that Spanish SMEs that are less mature in terms of cybersecurity are also those that believe that their risks have not increased. in this range. 70% of these believe that the risk of an accident has persisted over time.

This is reflected in budget for cyber securityWhereas in the case of the least experienced it remains 22.7%. In the case of the most mature SMEs, it amounts to 26% of their budget.