Cyber skills and investment lacking among Europe's SMEs

A lack of IT expertise within SMEs, along with a reduction in investment in cyber resilience have led to a significant increase in cyber security risk and vulnerabilities, according to a poll conducted by Infosecurity Europe.

This year’s COVID-related surge in remote workers was found to be the second most significant stumbling block for smaller businesses, according to the security event’s Twitter poll.

The impacts felt by small businesses across the UK as a result of the coronavirus pandemic are estimated to be six times larger than they were during the 2008 recession, according to analysis undertaken by the Centre for Economic Business Research.

Infosecurity Europe’s poll set out to find out how SMBs are managing to build and invest in cyber resilience – their ability to prepare for, respond to and recover from cyberattacks – and the obstacles they face.

“The rapid pivot to remote working was – and continues to be – a huge challenge for SMBs,” says Maxine Holt (pictured), senior research director at Omdia. “These organisations typically don’t have a dedicated cybersecurity function, and it’s part of someone’s job to oversee it. There was a sticking plaster placed over security during the shift to remote working, which isn’t sustainable. Companies must now peel the sticking plaster back, and put longer term security approaches in place.”

A skills deficit is of particular concern as half (49.7%) of poll respondents believe small companies bear primary responsibility for educating and supporting themselves in becoming cyber resilient. This was followed by government bodies (32.3%) and large tech companies (18.1%).

“Government bodies certainly have a role to play in educating and supporting SMBs, such as the NCSC in the UK,” Holt continues. “But protecting the business is the companies’ own responsibility. There are plenty of free resources available, not only from government bodies but also standards bodies, management consultancies, technology vendors, and service providers. This is one way of keeping up with the ever-widening skills gap.”

Drawing 3,649 responses, the Infosecurity Europe Twitter poll was conducted during the week of 16th November 2020. Infosecurity Europe also asked its community of CISOs and analysts for their views on cyber resilience in small businesses.

The topic of cyber resilience forms the basis of the major annual information security event scheduled to take place at Olympia in West London, from 8-10 June 2021.

    Share Story:

Recent Stories


Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021

Advertisement