SMEs can turn cybersecurity risk into opportunity. Here's how

In today’s digital landscape, the size of an enterprise no longer dictates its vulnerability to cyber threats. Cybercriminals often target smaller companies that serve larger clients, exploiting weaker security measures as a gateway to more lucrative targets. Small and medium enterprises (SMEs), serving regulated industries, critical infrastructure and large global corporations, are particularly at risk

The risk profiles of smaller companies change dramatically with growth and expansion. Take, for example, a small company that started out by printing business cards, grew into making plastic and smart cards and later started a small unit developing sim and e–sim cards. While the revenues and profits of this company did not change dramatically, its cyber risks and the number of cyber attacks it witnessed grew exponentially. This points to a simple fact: regardless of size or revenue, any organization dealing with sensitive data or having access to systems operated by large corporations, must start prioritizing cybersecurity. Failure to do so not only threatens the company internally, but also the wider ecosystem it operates in.

This year’s Global Cybersecurity Outlook Report 2024 further strengthens this argument. According to the report, while the response to cyber-attacks continues to improve, more than 30% of organizations report a reversal in their abilities to deal with these attacks.

SMEs worldwide are grappling with cybersecurity challenges. For these smaller organizations, budget constraints often hinder the implementation of comprehensive cybersecurity policies. The lack of trained professionals further exacerbates the issue. Moreover, at a fundamental level, low awareness of cybersecurity threats and measures within organizations leads to weak protection strategies and insufficient security protocols. At a macro level, the absence of tailored policies for the SME sector leads to further disparity in effective protection strategies. As SMEs integrate into the global digital ecosystem, they encounter new risks and vulnerabilities that must be dealt with.

A roadblock for SMEs to start thinking about and investing in cybersecurity stems from the perception of it as a technology problem; in fact, it is a business problem. While understanding the technology that powers business is very important, understanding the risks it brings to business is far more important. The classical approach of looking at historical events and predicting future risks is ineffective when it comes to cyber risks. Effective risk management, hence, turns out to be a crucial starting point in thinking about cyber security. Unlike larger enterprises that can apply a higher degree of control across the enterprise, SMEs must identify areas of relevance and create a cyber strategy for different units, data types and systems. They should also explore more mature technologies, such as cloud computing, instead of spending time trying to build, manage and maintain their own systems. SMEs can achieve world-class enterprise-grade outcomes just by choosing the right technology technology and by establishing the right level of accountability for the same

Artificial Intelligence (AI) has been another game changer when it comes to cyber security. With the advent of deepfakes, it may seem as though it continues to benefit more bad actors than good, but that is simply a function of the time. Historically, the cybersecurity community has been one of these pioneers in using AI and machine learning. For example, the email spam filter, a technology that was mastered decades ago, uses machine learning models to classify email by looking at its content, to say whether it should get delivered to the inbox or not. Today AI solutions are coming into play that are defending against cyber attacks.

One can look at deepfakes to understand this better. Phishing is now about sending a deepfake video alongside a synthetic voice; however, technology today can detect these fakes. AI against AI will identify whether a particular video can be trusted or not, and whether a particular sound can be trusted or not.

Other examples of AI being used to help improve cyber security include detecting breaches in data much faster, and also for education that helps manage the skill gap in SMEs by not just classroom learning, but by practical application.

Cybersecurity must also be looked at as a growth opportunity and not just as a risk. An effective cyber strategy is an important driver of trust. Customers value the importance of trust while doing business with small companies and are more likely to do business with companies that demonstrate effective and responsible use of technology and data. However, it is necessary to keep the total cost of security in mind when building a cyber security strategy. If not managed effectively, the cost of technologies like cloud and AI can grow dramatically.

Lastly, government policies and industry collaboration can help narrow down the cyber skills gap, thus improving overall security. Imparting cyber skills as early as in school will not only protect young vulnerable kids but will also create a foundation for a large pool of cyber talent. Further, there is also a need to expand the talent pool by not simply limiting it to STEM professionals but also to include people coming from diverse educational backgrounds and skills. To do so, governments should incentivize careers and opportunities in the domain of cybersecurity and awareness. One method of doing so is through the Corporate Social Responsibility obligation for large companies, leveraging that money for cyber security skill development.

By combining these measures, governments and policymakers can make a real difference in the cybersecurity landscape for SME businesses and their customers — and they can do so in a relatively short time.

Join the World Economic Forum's SME Digital Membership, specially designed to give smaller companies a powerful edge with access to advanced intelligence tools, an unparalleled network of experts and exclusive virtual events on topics of global significance: https://www.weforum.org/join-us/sme/