Why SMEs need to change their perspective on cybersecurity

A recent report from the World Economic Forum explored how small and medium-sized enterprises (SMEs) can turn cybersecurity risk into an opportunity. We recently wrote about why securing small businesses is good for everyone – protecting third party providers at every level of a supply chain in order to enable a better overall security posture for every organisation in that chain. 

And we’re not alone in renewing our focus on the importance of security for SMEs; because as Akhilesh Tuteja (Global Cyber Security Leader at KPMG) noted in that World Economic Forum report, “the size of an enterprise no longer dictates its vulnerability to cyber threats.” Threat actors are targeting smaller businesses, identifying them as weak links that offer easy entry points into a network. 

What can SMEs do to improve their security and become small but strong links in global supply chains? 

SMEs must see cybersecurity as a business problem – not just a tech problem Small enterprises don’t have the same access to resources that larger organisations have. And because of this, they tend to focus on what’s immediately, obviously important (namely, sales and profit margins), and silo other aspects of business operations into small pots that sit much lower on their list of priorities. 

Cybersecurity is one of those aspects that gets compartmentalised and often neglected. Technical security systems are set up, and then forgotten about – with SMEs less likely to integrate security practices across their operations in an ongoing, dynamic way. 

This is a mistake. SMEs must change their perspective and start thinking about cybersecurity not as a technology problem, but as a business problem. 

“While understanding the technology that powers business is very important, understanding the risks it brings to business is far more important,” wrote Tuteja.

“Unlike larger enterprises that can apply a higher degree of control across the enterprise, SMEs must identify areas of relevance and create a cyber strategy for different units, data types and systems. They should also explore more mature technologies, such as cloud computing, instead of spending time trying to build, manage and maintain their own systems.”

When you integrate cybersecurity into your business strategy it creates opportunities for growth

Instead of seeing cybersecurity as a risk alone, Tuteja urged small and medium enterprises to see it as an opportunity – with a good security strategy at the heart of an overall growth strategy. 

Why? Because customers, both in B2C and B2B markets, value trust. And they’re more likely to trust a small business if it can clearly demonstrate and explain the security protocols and practices it uses to keep customer information safe. 

When we interviewed Abeer Khedr (CISO at National Bank of Egypt) for the BHMEA blog, she said that the inequity between larger cyber resilient organisations, and smaller less resilient ones, will continue to increase.

“This is a cause of concern because the less resilient companies could be our suppliers, our customers; it’s one ecosystem. This should drive our efforts in 2024 to increase awareness and support these companies on how to apply security measures and develop incident response capabilities to increase their cyber resilience.”

Cybersecurity can’t be an afterthought for SMEs – and the cybersecurity sector needs to offer opportunities for small business leaders to understand the inextricable nature of business strategy and security, and develop security practices that facilitate high growth with low risk.

Register now to attend Back Hat MEA 2024 and immerse yourself in learning directly from the leading experts in cybersecurity.