Challenges faced by SMEs

Research shows that SMEs face a number of challenges. Their financial and knowledge resources are limited compared to larger organizations. This results in issues concerning the adoption of digital technologies. The size and structure of many SMEs might lead to logistical, managerial and organizational issues, or lower levels of technology awareness. This can make SMEs less competitive on the market.

Furthermore, these challenges can also lead to issues in adoption of cyber security controls. Poor understanding of the importance of cyber security or precautions that need to be taken in order to ensure business continuity are among factors contributing to the general lack of cyber resilience of SMEs. This together with scarce resources and knowledge make Welsh SMEs susceptible to cyber threats.

Trends and Statistics

The issues outlined above are particularly worrying in light of cyber crime statistics. In 2023, 31% of micro businesses, 32% of small businesses and 59% of medium businesses have identified cyber breaches or attacks. Outcomes of such incidents are numerous – websites and online services being taken down, loss of access to data or theft of money. An average cost of breaches was nearly £1500 in case of micro and small businesses this year. Considering the fact that SMEs account for 99% of all businesses in the UK, instances of cyber crime against them can be catastrophic not only for those enterprises, but also British economy in general.

On top of the knowledge and resource constraints, the cyber hygiene of SMEs is a factor contributing to the crime rates. An example of this is the implementation of formal cyber risks policies. While the percentage of businesses taking this precaution grows exponentially to their size, it is still observed less than a quarter of micro enterprises. The situation is similar in terms of the adoption of government initiatives and guidance. Despite of the fact that information on, for example, 10 Steps to Cyber Security is very easily available online, only 2% of micro businesses, 3% of small businesses and 7% of medium businesses have adopted all 10 steps as of 2023.

Cyber Insurance

Cyber insurance can be a great solution for SMEs. In a way, it replaces the uncertainty of the potential outcome of a breach or attack with a certain monthly or annual premium payment that could cover the damage if it occurs.

Unfortunately, cyber insurance is not free from challenges either. It is a relatively new product on the insurance market. Cyber risks are changing on daily basis. This makes accessing data on risks difficult. Consequently, there is no standard policy coverage. Furthermore, the policy wording is often rather vague which might be off-putting for potential recipients. This shows in the cyber insurance uptake statistics. In 2023, only 6% of micro businesses, 11% of small businesses and 22% of medium businesses have purchased specific cyber security insurance policies. Apart from the universal issues concerning this type of insurance, SMEs commonly perceive the premium prices too expensive or struggle to meet the minimum criteria to be insurable.

Project Objectives

In light of the above, the project’s aim was to discover the current approach of Welsh SMEs to cyber risk. We surveyed businesses from all over Wales, ensuring that we had adequate representation from the North, South, East and West. Interestingly, the story was the same regardless of area. Cyber risk was not at the forefront of the average SMEs mind, with many citing that they were simply “…too small for anyone to bother attacking….”.

This fed into our second objective, which was to raise awareness of the very real and present threats that small and medium businesses face. To this end, along with our partners and associates, we travelled throughout Wales hosting free events. Our aim was to ensure Welsh SMEs had the knowledge they needed in order to make an informed decision as to how best to protect their business against cyber attacks/risks.