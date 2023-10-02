Contents

Many SMEs continue to take cybercrime too seriously. A new study confirms the risky carelessness.

Despite the growing threat situation, cybersecurity remains a low priority in Swiss SMEs. This is the result of a survey conducted by the market and social research institute gfs-zurich among 502 companies. A long-term comparison also shows that protective measures are only being implemented hesitantly.

“There is therefore little progress in the fight against cybercrime,” said Simon Seebeck, head of the Cyber ​​Risk Competence Center at Mobiliar, at a media conference on Tuesday.

Fewer “digital pioneers”

There are certainly companies that describe themselves as so-called “digital pioneers” and are further along than average in the technical and organizational implementation of security measures in the IT sector.

Assessment by SRF business editor Damian Rast

A significant proportion of SMEs in Switzerland are not, or still too little, aware that they too can become victims of a cyber attack at any time. There is often an attitude that they are not interesting to criminals and that there is nothing to gain. This refutes the study, according to which around one in ten small companies in Switzerland has already been successfully attacked by cybercriminals.

The passive attitude of many SMEs also has to do with the fact that cybersecurity is complex. Many SMEs in particular are overloaded and have different priorities. In addition, the type of attacks is constantly changing.

At the same time, the experts agree that technical measures such as firewalls are very important, but the main gateway remains people who need to be increasingly sensitized and trained. At the same time, many SMEs have outsourced their computer services to IT companies, which can also be the target of attacks.

But such companies are becoming increasingly rare, says Seebeck. According to the most recent survey, only around a tenth of companies are considered “pioneers”, compared to around 20 percent in previous years.

Seebeck emphasized that the efforts are generally not just about the technical implementation of security measures, which is usually outsourced to external IT service providers anyway. Above all, organizational measures such as raising employee awareness or data backup must be taken seriously and addressed accordingly.

Large companies are attacked significantly more often

However, when asked about actual incidents, only around 11 percent of SME managers said they had already fallen victim to cybercriminals. Again, a good half of those attacked suffered financial damage.

Legend: According to a new study, small companies in Switzerland are losing out when it comes to cybersecurity. Keystone/DPA/MONIKA SKOLIMOWSKA

Overall, SMEs are probably less affected by cyber attacks than large companies. According to a survey published around two weeks ago by the consulting firm Deloitte, 45 percent of companies with over 250 employees have already been the victim of an attack at least once. Of the SMEs surveyed, there were significantly fewer companies (18 percent) that had already experienced a “serious attack”.

The market and social research institute gfs surveyed 502 SME managers about digitalization and cybersecurity. This is on behalf of digitalswitzerland, the Mobiliar insurance company, the University of Applied Sciences Northwestern Switzerland FHNW, the Swiss Academy of Technical Sciences SATW and the Swiss Digital Security Alliance.

