Small and medium-sized enterprises (SMEs) represent about 90% of businesses and provide more than 50% of employment worldwide, according to the World Bank.
The European Commission says SMEs represent 99% of all businesses in the European Union, employ around 100 million people, and contribute half of the bloc’s gross domestic product. In the United States, the country’s 30 million SMEs account for nearly two-thirds of net new private sector jobs in recent decades. In Germany, the specialist businesses of the famous Mittelstand are widely regarded as a model of resilience and innovation.
According to the World Economic Forum, although SMEs account for 95% of all registered businesses and contribute about 50% to the total GDP of sub-Saharan countries, entrepreneurs still face significant obstacles to growth and prosperity, which go beyond the traditional barrier of acquiring finance.
In South Africa, SMEs contribute around 34% to the GDP and play a vital role in the economy as drivers for reducing unemployment. SMEs contribute 48% to Nigerian GDP, making them a critical driver of economic growth and development. In Kenya, SMEs constitute 98% of all businesses, create 30% of the jobs annually and contribute 3% of the GDP. Over 90% of business enterprises in Ghana are SMEs.
It’s no wonder so many world leaders describe SMEs as the ‘backbone’ or ‘lifeblood’ of the economy.
Yet, for all their agility and dynamism, SMEs are vulnerable to economic shocks and uncertainty. The World Economic Forum believes 67% of smaller and mid-sized businesses are fighting for survival, in part because of the intense short-term business pressures they face, their limited expertise, and resource constraints.
And according to the 2023 Allianz Risk Barometer, an annual survey that identifies the top corporate risks as voted for by firms around the world, one of the major causes of financial disruption that SMEs fear the most is a serious cyber incident. This ranks as the top risk for small-size companies (31% of respondents), while for mid-size companies, it is their second top concern (29% of respondents), ranking just behind the closely interlinked peril of business interruption.
An increasing sweet spot for hackers
For SMEs, the cyber risk threat has intensified, not only because of the COVID-19 pandemic and the switch to remote working and digitalisation, but also because of their growing reliance on outsourced services, including managed IT and cybersecurity providers, given that these firms often lack the financial resources and in-house expertise of larger organisations.
As larger companies have ramped up their cyber protection in recent years, criminals are increasingly focusing their attention on smaller businesses. According to Mastercard’s RiskRecon, data breaches at small businesses globally rocketed 152% in 2021, while breaches at larger companies during the same time period rose by 75%. More than half (54%) of SMEs in the United Kingdom experienced some form of cyberattack in 2022, up from 39% in 2020, according to Vodafone.
SMEs are less able to withstand the business interruption consequences of a cyberattack. If a small company with poor controls or inadequate risk management suffers a significant cyber incident, there is a chance it may not survive in the long run.
In recent years, progress has been made, and there has been good collaboration between insurers, brokers and clients, but more awareness of, and risk management education about, cyber risk is needed, and the insurance industry has a responsibility to help smaller companies with this process.
Deploying detection software
“To effectively address cybersecurity challenges, SMEs should remain vigilant and have a clear understanding of the risks involved and allocate ample resources in terms of personnel, IT infrastructure and budget to implement the required security measures,” says Rishi Baviskar, global head of Cyber Risk Consulting at Allianz Commercial.
“Initiating a conversation with an MSSP [Managed Security Service Provider] can serve as an excellent initial move, allowing for the creation of an IT budget and strategy tailored to the business’s specific priorities.”
Businesses can take a proactive approach to tackling cyber threats by ensuring their cybersecurity strategy identifies their most crucial information system assets. Then, they should deploy appropriate detection tools and techniques tailored to uncover and nullify potential threats attempting to gain network access. “These measures encompass the use of detection and monitoring software, both at the network perimeter and on endpoints, often involving collaboration with cybersecurity service partners,” Baviskar adds.