Many Small Companies Fail to Adopt Cybersecurity Measures
Sweden Secure Tech Hub; is a consortium of six Swedish science parks: Ideon Science Park, Kista, Blu Science Park, Lindholmen, Luleå, and Linköping. Sweden Secure Tech Hub at Almedalen presents findings from a survey made amongst Swedish tech companies regarding cyber security readiness.
On stage at Science Park Gotland, Katarina Berglund, Västerås, Mälardalens Universitet speaking to Lena Miranda, CEO of Linköping Science Park.
Altogether we house and support 2600 companies in our environments, says Lena Miranda. We work together to strengthen the cybersecurity capacity among companies, to secure that our companies are more resilient.
Led by Lindholmen, supported by two master students from Chalmers, the consortia recently carried out a major survey to understand more about preparedness and awareness among small and medium-sized companies regarding cybersecurity.
Respondents are 370 tech companies within our environments. The reason we focus on tech companies, is that they are key to the digitalization fo companies in other sectors, says Lena Miranda.
The survey contains a quantitative and a qualitative part.
Why SMEs:s Matter
SMEs, small and medium-sized companies, defined by the EU as having up to 250 employees, make up 99% of all companies in Sweden. They contribute 55% of global GDP. 97% of companies in Sweden are SMEs; 99.9% of these are small businesses with fewer than 10 employees. SMEs are an important group: 66% of the respondents have fewer than four employees.
Challenges of Cybersecurity for SMEs
Managing cybersecurity issues becomes difficult for small organizations, as it is hard to find the time and the resources. The cost is perceived as high.
We focus on tech companies as they are crucial in helping other industries digitize.
How Companies Get Started with Cybersecurity
Many companies are aware that cybersecurity is an important issue, but do not engage enough in preparing for potential attacks. More customers are starting to ask questions and assurances when it comes to cybersecurity and are becoming better at setting requirements. With the new legislation
However, companies still find it difficult to know how to start addressing cybersecurity, says Lena Miranda, CEO of Linköping Science Park.
Gaps in Cybersecurity Readiness
MSB (Swedish Civil Contingencies Agency) and Säkerhetspolisen (Säpo, Swedish Security Service) have recently been visiting tech companies and science parks around the country talking about valuable assets and security.
Many companies are aware of which assets are important to protect. Many have started conducting risk assessments to identify what their vulnerabilities are.
However, there is a lack of a plan for how to respond in the event of an attack. This is where knowledge is lacking, says Lena Miranda.
Companies don't know how to get back on their feet after an attack.
Many companies go bankrupt within six months of being attacked. It is simply to costly.
How to Protect SMEs Better
Recommended by LinkedIn
Social engineering is often the reason why companies fall victim to attacks. Many devices are unlocked and connected to open networks, for example. Or we fail to update passwords. It is as simple as that. Humans are the weakest link in all systems.
Barriers to Cybersecurity Adoption
What are the barriers? More and more customers will demand it in procurement processes.
Companies still see information security as a cost, not an investment. They cannot afford or do not prioritize protecting their resources. The main barrier is a lack of internal expertise.
Companies struggle to implement procedures to comply with regulations and create processes and structures. Some have read the regulations but have not been certified. There is a lack of follow-up as required by the regulations. This is a challenge and an obstacle.
66/370 companies, which are very small, do have IT staff, developers, and cybersecurity expertise.
Concrete Guidance is Key
Specificity is key, says Lena Miranda. How do we do it, where do we start? What should we do in what order? This is something we need to support the companies with.
Different industries have different levels of digital maturity.
The MSB security handbook is a good reference for general information. However, different companies, industries, and maturity phases require more specific guidance tailored to their respective industries.
NIS2 Legislation
The NIS2 law comes into force on January 1, 2025, explains Lena Miranda.
About 15% of managers feel well aware of the legislation, but few are well prepared. Some of the companies have undergone ISO certifications.
Benefits of Early Investment in Cybersecurity
You can win more business because of having invested early in cybersecurity, says Lena Miranda. More and more customers will ask for certifications and guarantees.
Focus on Opportunities, Not Just Risks
Let us not focus too much on risk, which is something we tend to do in Sweden. We do not wish to deter companies from digitizing because of cybersecurity risks, says Lena Miranda. We tend to focus on risks instead of possibilities. We still want to spur digitalization.
Cost of a Cyberattack
The average cost of a cyberattack is 14.6 million SEK. This includes consulting fees, running backups, and data reconstruction. It has become too expensive.
AI can help
Many small companies do not have the resources, but AI can be a help in securing information and protecting your assets.
Want to learn more about how Ideon Science Park can help you secure your IP? Get in touch: Liza Johansson
Stay tuned for more information about legislation and how and you can mitigate risks.
Entrepreneurial Leader & Cybersecurity Strategist
5moThe insights from the recent survey highlight the barriers SMEs encounter, such as resource constraints and lack of expertise. As more customers prioritize cybersecurity in procurement, SMEs must adapt by investing in robust security measures and proactive strategies.