SMEs Struggle to Keep Up with Cybersecurity Standards
Small and medium-sized enterprises (SMEs) in the European Union are falling behind larger organizations in cybersecurity, according to a new report by Marsh in collaboration with the Federation of European Risk Management Associations (FERMA). The report, Why the Cybersecurity Gap Between SMEs and Large Organisations Matters, reveals that SMEs implement cybersecurity controls at significantly lower rates than large enterprises, exposing them to heightened cyber risks.
Stark Disparities in Cyber Resilience
The report assesses cyber resilience across three categories of businesses: SMEs (revenues under €51 million), mid-cap firms (€51 million to €250 million), and large organizations (over €250 million). The analysis finds that large organizations lead in adopting cybersecurity measures, a gap that leaves SMEs vulnerable to cyberattacks and supply chain disruptions.

Key Findings from the Report:
- Multi-Factor Authentication (MFA): 91% of large organizations require MFA for remote login, compared to only 75% of SMEs.
- Incident Response Plan Testing: 61% of large organizations test their cyber incident response plans, but only 40% of SMEs do the same.
- Cybersecurity Training: In the finance sector, 85% of SMEs mandate employee cybersecurity training. In comparison, only 58% of manufacturing SMEs require similar training.
SMEs urgently need to strengthen their cybersecurity posture, both to protect their own operations and to protect the wider digital ecosystem they are part of.
The Ripple Effect on Society and Supply Chains
SMEs are a crucial part of the European economy, accounting for over 99% of businesses. Their cybersecurity weaknesses can have far-reaching consequences. The report warns that:
- Economic stability is at risk: Cyberattacks on SMEs can lead to financial losses, business disruptions, and even bankruptcy, affecting job creation and economic growth.
- Supply chains are vulnerable: SMEs often serve as suppliers to larger firms. A breach in a small business could compromise the security of major corporations, leading to cascading disruptions.
- Data breaches pose privacy concerns: SMEs handle sensitive customer data, making them attractive targets for hackers. Data breaches can lead to identity theft and financial fraud.
Cyber Insurance Can Strengthen Resilience
The report emphasizes that organizations with cyber insurance tend to have stronger cybersecurity practices. That makes sense. But it also notes that SMEs face several barriers to obtaining coverage, including high costs, complex policies, and a lack of awareness.
To address this, insurers and policymakers must work together to:
- Simplify cyber insurance procurement for SMEs.
- Offer incentives for businesses that adopt strong cybersecurity controls.
- Develop industry-wide cybersecurity standards tailored to SMEs.
Bridging the Cybersecurity Gap in SMEs
The report urges policymakers, industry leaders, and insurers to take collective action to support SMEs. One idea is that public-private partnerships can provide funding, training, and resources to help SMEs strengthen their cyber defenses.
As cyber threats continue to evolve, enhancing SME cybersecurity is not just a business priority. When we consider the scale and scope of our digital reality, security and resilience become an imperative beyond any one organization or industry. European businesses can build a more secure and resilient digital economy by closing the cybersecurity gap in SMEs.