Cybersecurity for SMEs - Challenges and Recommendations (2021)
In response to the COVID19 pandemic, the European Union Agency for Cybersecurity (ENISA) analysed the ability of small and medium-sized enterprises (SMEs) within the EU to cope with the cybersecurity challenges posed by the pandemic and determining good practices to address those challenges.
According to the publication, the COVID19 crisis showed how important the Internet and computers, in general, are for SMEs to maintain their business. In order to survive the pandemic and to continue in business, many SMEs had to take business continuity measures such as adapting to cloud services, upgrading their internet services, improving their websites, and enabling staff to work remotely.
This report highlights how many of the existing cybersecurity challenges were exasperated further by the impact of the COVID19 pandemic and are now more critical to mitigating. The recommendations outlined in this report to enable SMEs to address these cybersecurity challenges are shaped towards this direction. The recommendations in this report were developed based on extended desktop research. This research was augmented by a two-month-long survey, where 249 European SMEs shared their feedback on their state of digital security and preparedness for crises such as COVID-19, and targeted interviews with selected participants followed.
The research identified that the greatest challenges for SMEs are low awareness of the threats posed to their business by poor cybersecurity, the costs of implementing cybersecurity measures often combined with a lack of dedicated budget, the availability of ICT cybersecurity specialists, a lack of suitable guidelines aimed at the SME sector, and low management support.
This report provides cybersecurity advice for SMEs, but also proposals for actions that Member States should consider in order to support SMEs improve their cybersecurity posture. It is accompanied by a guide, providing SMEs with practical 12 high-level steps on how to better secure SMEs' systems and their business.