Cybersecurity Challenges for SMEs in the EU
Marsh, a prominent global insurance brokerage and risk advisory firm, part of Marsh McLennan, has published a report shedding light on the cybersecurity discrepancies between small and medium-sized enterprises (SMEs) and larger organizations within the European Union. The report, titled ‘Why the Cybersecurity Gap Between SMEs and Large Organisations Matters’, draws attention to the hurdles SMEs face in achieving cyber resilience compared to their larger counterparts.
The study examines 320 organizations across the EU, categorizing them by annual revenue: SMEs with less than €51 million, mid-sized companies with revenues between €51 million and €250 million, and larger entities with revenues exceeding €250 million. The data, derived from Marsh’s Cyber Self-Assessment tool, evaluated the implementation of 12 essential cybersecurity control categories.
Findings and Key Insights
According to Marsh’s analysis, larger organizations exhibit more robust cybersecurity practices than SMEs, with an average implementation score of 80% for the 12 key controls, compared to 65% for SMEs. For instance, multi-factor authentication for remote access is mandated by 91% of large organizations, whereas only 75% of SMEs enforce this critical security measure.
Moreover, there is a notable deficiency in incident response plan testing among SMEs, with just 40% conducting regular tests, in contrast to 61% of larger organizations. While SMEs and mid-sized businesses have made some progress in incident response, they continue to trail behind significantly.
The report also uncovers industry-specific disparities: 85% of finance SMEs provide cybersecurity training for employees, yet only 58% in the manufacturing sector do the same.
The Importance of Insurance and Collaboration
Marsh emphasizes the urgent need for SMEs to engage with the burgeoning cyber insurance market, as many remain uninsured or underinsured, heightening their vulnerability to cyber threats. Historically, SMEs have faced challenges in obtaining adequate insurance coverage, but recent market innovations present new opportunities to bridge this protection gap.
Gamze Konyar, Head of Cyber at Marsh Europe, remarked, “SMEs are critical to national infrastructure, and their cybersecurity weaknesses can lead to financial setbacks and data breaches, threatening economic stability and eroding public trust. As a crucial element of the supply chain, they also pose potential risks to larger corporations. Enhancing collaboration is key to narrowing the cybersecurity gap for SMEs, alongside crafting insurance market solutions tailored to their needs.”
Typhaine Beaupérin, CEO of the Federation of European Risk Management Associations (FERMA), further commented, “With the ever-evolving nature of cyber threats, this report highlights the pressing need for all organizations, especially SMEs, to bolster their cybersecurity frameworks to ensure resilience.” The report calls for heightened awareness, education, and support to fortify cybersecurity practices, urging governments, industry associations, and larger organizations to provide resources and foster collaboration opportunities to enhance SME cyber resilience.
