Cybersecurity is not just an issue for technology companies; it is crucial for any type of business. There is a misconception that only large corporations that manage huge volumes of sensitive data need to worry about this issue. However, companies of all sizes and sectors can be targets of cyberattacks.
According to the National Institute of Cybersecurity (INCIBE), in 2023, more than 22,000 companies in Spain were victims of cybersecurity breaches. Of these incidents, 43% affected SMEs. In addition, a study carried out by ISACA revealed that 47% of SMEs lack a formal cybersecurity incident response plan and 36% do not offer cybersecurity training to their employees, making them increasingly attractive targets for cybercriminals.
43% of attacks affect SMEs and 36% do not have staff trained in cybersecurity
The financial and reputational consequences of cyberattacks can be devastating for these companies. In fact, another study indicates that the average cost of a cyberattack for an SME in Spain ranges from 35,000 to almost 200,000 euros, an amount that could lead to the closure of the business. In addition, 60% of those who suffer a cyberattack end up closing their doors within six months of the incident.
Chris Dimitriadis, Global Strategy Director at ISACA, said: “Leading change is not just up to leaders – digital trust practices must be implemented and aligned across all departments to be successful. ISACA’s survey has highlighted that businesses are unsure of what they can do to improve digital trust, but working with a specialist partner who can provide a step-by-step framework and assist with digital trust training can put the business on the right path to success and security.”
Cybersecurity in SMEs
To help SMBs protect themselves against cyberattacks, ISACA suggests being aware of common threats such as phishing, BEC, malware, insider threats, and password attacks. Conducting risk assessments, implementing security measures such as firewalls and antivirus, and keeping systems up to date are essential steps.
Additionally, training staff on cybersecurity practices and establishing an incident response plan are key to effective defense. Adopting robust cybersecurity measures helps protect assets, maintain customer trust, and ensure business continuity.