Transforming Risks to Opportunities: Cybersecurity Strategies for Global SMEs

For SMEs, cybersecurity can be a costly and difficult endeavor, but it doesn't have to be that way. Here's how SMEs can turn cyber risk into opportunity.

Highlights

  1. SMEs should view cybersecurity as a business problem, not just a technical one, and make strategic choices accordingly
  2. Government policies, along with industry collaboration, can help narrow the skills gap and promote cybersecurity education and awareness
  3. Artificial intelligence can be a powerful ally in defending against cyber threats

In today’s digital landscape, the size of an enterprise no longer dictates its vulnerability to cyber threats. Cybercriminals often target smaller companies that serve larger clients, exploiting weaker security measures as a gateway to more lucrative targets. Small and medium enterprises (SMEs) serving regulated industries, critical infrastructure and large global corporations are particularly at risk.

The risk profiles of smaller companies change dramatically with growth and expansion. For example, consider a small company that started out printing business cards, grew into making plastic and smart cards, and later started a small unit developing SIM and eSIM cards. While the revenues and profits of this company did not change dramatically, its cyber risks and the number of cyber attacks it witnessed grew exponentially. This points to a simple fact: regardless of size or revenue, any organisation dealing with sensitive data or having access to systems operated by large corporations must start prioritizing cybersecurity. Failure to do so threatens not just the company internally but also the wider ecosystem it operates in. The Global Cybersecurity Outlook Report 2024 further strengthens this argument. According to the report, while the response to cyber-attacks continues to improve, more than 30% of organisations report a reversal in their abilities to deal with these attacks.

SMEs worldwide grapple with cybersecurity challenges. Given the size of the organisation, budget constraints often hinder the implementation of comprehensive cybersecurity policies. The lack of trained professionals further exacerbates the issue. Moreover, at a fundamental level, low awareness of cybersecurity threats and measures within organisations leads to weak protection strategies and insufficient security protocols. At a macro level, the absence of tailored policies for the SME sector leads to further disparity in effective protection strategies. As SMEs get more integrated within the global digital ecosystem, they encounter new risks and vulnerabilities that must be dealt with.

Technology vs. business problem

One roadblock that keeps SMEs from thinking about cyber security and investing in it is the perception that it is a technology problem, whereas it is a business problem. While understanding the technology that powers the business is very important, understanding the risks it brings to the business is far more important. The classical approach of looking at historical events and predicting future risks is ineffective when it comes to cyber risks. Effective risk management, hence, turns out to be a crucial starting point in thinking about cyber security. Unlike larger enterprises that can apply a higher degree of control across the enterprise, SMEs must identify areas of relevance and create a cyber strategy for different units, data types, and systems. They should also explore more mature technologies, such as cloud computing, instead of spending time trying to build, manage and maintain their own technological systems. SMEs can achieve world-class, enterprise-grade outcomes just by making the right choices in terms of the technology they pick, and by establishing the right level of accountability for those choices.

Using AI to your advantage

Artificial intelligence has been another game changer when it comes to cyber security. With the advent of deepfakes, it may seem as though it continues to benefit bad actors more than good ones; but that is simply a function of the time. Historically, the cybersecurity community has been one of the pioneers in using AI and machine learning. For example, the email spam filter, a technology that was mastered decades ago, uses machine learning models to classify email by looking at its content and decide whether it should be delivered to the inbox or not. Many AI solutions that defend against cyber attacks are already coming into play.

One can look at deepfakes to understand this better. Phishing is now about sending deepfake video and synthetic voice; however, technology today can detect these fakes. AI against AI will identify whether a particular video can be trusted or not, and whether a particular sound can be trusted or not.

Other examples of AI being used to improve cyber security include detecting data breaches much faster, and education, where it helps manage the skills gap in SMEs not just through classroom learning but through practical application.

Cybersecurity must also be looked at as a growth opportunity and not just as a risk. An effective cyber strategy is an important driver of trust. Customers value the importance of trust while doing business with small companies and are more likely to do business with those companies that demonstrate effective and responsible use of technology and data. However, it is necessary to keep the total cost of security in mind when building a cyber security strategy. If not managed effectively, the cost of technologies like cloud and AI can grow dramatically.

Lastly, government policies and industry collaboration can help narrow the skills gap. Imparting cyber skills as early as in school will not only protect young, vulnerable kids but will also create a foundation for a large pool of cyber talent. Further, there is also a need to expand the talent pool by not simply limiting it to STEM professionals but also including people coming from diverse educational backgrounds and skills. To do so, the government should incentivize careers and opportunities in the domain of cybersecurity and awareness. One method of doing so is through the Corporate Social Responsibility obligation for large companies, leveraging that money for cyber security skill development. Overall, these are some measures that the government can take to bring scaled outcomes in a short time.

A version of this article was published by World Economic Forum Online on Jul 30, 2024.

Author

Akhilesh Tuteja

Partner & National Leader, Clients and Markets and Technology, Media & Telecommunications (TMT), KPMG in India and Global Head - Cyber Security

KPMG in India

