The High Cost of Neglecting Cybersecurity for Small and Medium Enterprises (SMEs)
Small and medium-sized enterprises (SMEs) face a constant threat of cyberattacks, despite many believing they are off the radar of cybercriminals. The reality is that falling victim to such crimes can damage reputation and even lead to business closure.
According to a study by Kaspersky, 4 out of 10 SMEs are victims of phishing, a digital fraud that tricks users into sharing confidential information, such as passwords and bank details.
Toño Arellano Ibáñez, co-founder and CEO of Delta Protec, highlights that the lack of cybersecurity is primarily due to two situations:
- A culture centered around the belief that the company will not be targeted by cyberattacks
- Insufficient investment in systems that safeguard the company
The problem is cultural; many SMEs think they will never be affected by a cybersecurity incident,” advises Toño Arellano.
The Cost of Negligence
The economic impact of a cyberattack can be devastating, with Kaspersky data indicating that losses, including reputational damage and operational impacts, can reach up to $155,000.
“The most impactful risk for a company is the reputational one. If trust is lost, the relationship with clients and suppliers is lost,” warns Arellano.
Common attacks include ransomware, which holds information hostage for a ransom, phishing via false emails or messages, and Business Email Compromise, where a senior executive’s identity is impersonated to manipulate transfers or sensitive information.
Today, even voices are being cloned using Artificial Intelligence to deceive employees handling financial resources,” alerts the expert.
In the context of Cybersecurity Awareness Month celebrated every October, the expert suggests that SMEs establish internal processes when handling sensitive information, such as bank transactions. For example, using key words or implementing tools to activate approval flows.
A Leadership Issue
In many SMEs, information responsibility falls directly on the founder or owner, complicating their management. Therefore, Arellano recommends assigning a technology or digital security manager.
“We recommend that the cybersecurity area have complete independence and autonomy. Although it initially depends on the technology area, over time, it should evolve. Ultimately, cybersecurity is not just technology; it depends on human and business processes,” Arellano clarifies.
Secure Your SME from Cyberattacks
Most SMEs lack internal protocols to respond to incidents, but significant investments are not needed to prevent a cyberattack. It can start with employee training, otherwise the entire organization could be compromised.
The expert emphasizes that protecting information is no longer optional: “Cybersecurity is not solved overnight; it’s a process that takes time, continuous training, and education.”
Basic measures to implement include establishing internal processes to validate transfers or share sensitive data, implementing two-factor authentication and password managers, avoiding free software that can be vulnerable, and maintaining regular backups and updates.
SMEs that do not prioritize this issue may face irreparable economic and reputational costs. “Today, more than ever, it’s crucial to secure operations because the cost of not doing so can lead to bankruptcy,” Arellano concludes.
Key Questions and Answers
- Question: Why are SMEs targeted by cyberattacks?
- Question: What are the common types of cyberattacks faced by SMEs?
- Question: What is the economic impact of a cyberattack on SMEs?
- Question: How can SMEs protect themselves from cyberattacks?
- Question: Why is leadership crucial in cybersecurity for SMEs?
Answer: Despite believing they are off the radar, SMEs face constant threats due to a culture of believing they won’t be targeted and insufficient investment in cybersecurity systems.
Answer: Common attacks include ransomware, phishing via false emails or messages, and Business Email Compromise where a senior executive’s identity is impersonated.
Answer: The economic impact can be devastating, with potential losses reaching up to $155,000, including reputational damage and operational impacts.
Answer: SMEs can start by implementing basic measures such as establishing internal processes for sensitive data, using two-factor authentication, avoiding vulnerable free software, and maintaining regular backups and updates.
Answer: Assigning a dedicated technology or digital security manager, providing them with complete independence and autonomy, is essential for effective cybersecurity management.
