SMEs Cybersecurity

Small and medium-sized enterprises (SMEs) are the backbone of the EU's economy. They represent 99% of all businesses in the EU and employ around 100 million people. They also account for more than half of Europe’s GDP and play a key role in adding value to all sectors of the EU economy. They serve both as enablers for the digital transformation and as a core element of the EU social fabric. More information is available in the European Commission SMEs report.

The Covid-19 pandemic forced SMEs to rethink their digital mindset. They had to take business continuity measures such as adapting to cloud services, upgrading their internet services, improving their websites, and enabling staff to work remotely. ENISA interviewed European SMEs during the pandemic, the most common cyber incidents identified were ransomware attacks, stolen laptops, phishing attacks and CEO fraud. Of the SMEs, ENISA surveyed, 90% stated that cybersecurity issues would have serious negative impacts on their business within a week of the issues happening, with 57% saying they would most likely become bankrupt or go out of business.

In a time of increased remote work and growing cyber threats, SMEs are facing major Cybersecurity challenges. Low-security budget, lack of cyber-skills and increase in cyber-attacks can seriously impact SME's competitiveness and compromise event the value-chain they are connected to. This is why is fundamental for SMEs to start taking the right steps to secure their business.

ENISA's role

ENISA has consistently advanced initiatives to help SMEs integrate cybersecurity into their digital environments. Over the years, the Agency has provided practical tools, methodologies, and guidance to support SMEs in addressing cybersecurity risks and opportunities. These efforts include resources on risk assessment, business continuity, cloud security, and data protection to empower SMEs with the knowledge needed to secure their operations.

Recognising the evolving cybersecurity landscape, especially during challenges such as the COVID-19 pandemic, the Agency f has intensified its focus on analysing SMEs' resilience to cybersecurity threats. ENISA continues to offer advice, good practices on cyber hygiene, and risk management strategies, aiming to equip SMEs with the means to defend against cyber threats. Additionally, the Agency has recommended actions for Member States to support SMEs in enhancing their cybersecurity posture.

ENISA has also released a series of tips to help businesses face the rapidly changing digital sphere during the pandemic: Tips for selecting and using online communication tools; Tips for cybersecurity when buying and selling online; Tips for cybersecurity when working from home; Top ten cyber hygiene tips for SMEs during COVID-19 pandemic. The EU Agency for Cybersecurity and the National Cyber Security Alliance published a joint checklist for SMES in November 2020, offering businesses on both sides of the Atlantic a basic guide to maintaining digital security. In 2021, ENISA focused in producing structured publications to support SMEs in securing employees and businesses from cyber-attacks: the report Cybersecurity for SMEs - Challenges and Recommendations, the Cybersecurity guide for SMEs - 12 steps to securing your business and the SecureSME Tool.