Assessing and evaluating the cyber-readiness of EU MSMEs

Results and findings from the Cyber MSME Project

Cybercrime is the fastest-growing form of criminal activity and appears to be targeting a specific segment of our economies. According to the latest figures, the economic impact of cybercrime rose fivefold between 2013 and 2017, and microenterprises and SMEs (MSMEs) – the backbone of the EU economy – are disproportionally impacted by the phenomenon.

Despite MSMEs being the most vulnerable group to the growing threat posed by cyberattacks, MSMEs are very seldom aware of the risks they face, let alone be prepared for them. In 2019, an industry report estimated that 66% of senior decision-makers in small businesses believe they are unlikely to be a target of online criminals (Keeper), whereas UNIPOL calculated that 14% of MSMEs are prepared to tackle cyber threats (2018).

The European Commission acknowledged the pressing need to equip micro and small businesses with competences and tools to tackle cyber threats to make them more resilient in case of cyber-attacks. Not only are “skills shortages” already “hindering SMEs”, but also these are expected to grow in the future, to the point that “Europe will face a projected skills gap of 350.000 cybersecurity professionals by 2022”.

Throughout 2021, Cyber MSME’ partners carried out a detailed and very comprehensive report which highlighted:

  • State of MSMEs’ cyber-threats preparedness and awareness
  • Identification of best practices as regards MSMEs support in the area of cybersecurity
  • Further recommendations in the domain of innovation and competitiveness for private sector

Key takeaways concern the overall lag of EU MSMEs in terms of awareness of and preparedness to deal with proliferating cyber-threats, among the most common and “pressing” challenge cited by literature. Other structural challenges that undermine greater preparedness of the MSMEs also include low cybersecurity awareness of the personnel, inadequate protection of critical and sensitive information, lack of budget, lack of dedicated IT and cybersecurity specialists, and lack of suitable cybersecurity guidelines specific to SMEs.

For more information, please consult the mapping section of the official Open Educational Resource Platform of the project.

Users can access the platform and navigate project’s content completely for free. Soon, partners will upload the training content and educational material (i.e. Cyber MSME’s toolkit) developed on the premises of aforementioned findings. Ppartners identified the preliminary structure of the toolkit properly fine-tuned to accommodate the results of mapping and common needs-assessment/skills-gap.