
SMEs as Targets of Criminals

Small and medium-sized enterprises (SMEs), in particular, are high-priority targets for cybercriminals. Approximately one-third of all SMEs in Switzerland have fallen victim to a cyberattack, with 6% of them subsequently being subjected to extortion. In Germany, between 40% and 50% of all SMEs become victims of cyberattacks each year. According to the Swiss Federal Statistical Office (BFS), SMEs are defined as businesses with fewer than 250 employees. This classification includes 99% of all companies in Switzerland. Additionally, SMEs in Switzerland account for two-thirds of all jobs. As you can see, SMEs are a significant presence in the business world. One might assume that their sheer number alone makes them prime targets for cyberattacks. To some extent, this assumption is correct. But why are SMEs targeted so frequently? After all, their data is often not highly valuable. This blog post explores this question.

In summary, SMEs are attractive targets for cyberattacks because:

  • They often present financially more lucrative targets for cyberattacks than individuals.
  • They frequently have weaker security standards and cyber compliance guidelines, the very measures that can minimize or even prevent damage.

One reason for the frequent targeting of SMEs is that a successful cyberattack on such entities is financially more attractive than an attack on individuals. Through successful attacks using methods like brute force, phishing, or social engineering, cybercriminals can initiate substantial financial transactions and enrich themselves with significant sums of money. SMEs are also more attractive targets for ransomware attacks than individuals. This is because SMEs regularly store sensitive information about numerous customers. In contrast, individuals typically possess sensitive information only about themselves. Additionally, since SMEs often aim to avoid reputational damage and regularly lack both the know-how and the resources, they are more inclined to pay ransom demands. Why don't cybercriminals skip SMEs and target large corporations directly?

Large corporations often have cybersecurity departments equipped with extensive expertise, resources, and infrastructure. In cases where there are no internal cybersecurity departments, these corporations typically outsource this function. Both options are considered standard today. Furthermore, large corporations have cyber compliance guidelines, which include emergency and security protocols that must be adhered to during day-to-day operations and in emergencies. Additionally, all personnel at various levels in large corporations regularly receive cybersecurity awareness training. As a result, attacks on large corporations are less promising. However, cybercriminals often choose SMEs as an attack vector to subsequently launch cyberattacks on large corporations. SMEs unwittingly serve as stepping stones in this scenario. Here's an example: SMEs frequently act as suppliers or service providers to large corporations. If attackers gain access to an SME's systems, they might attempt to penetrate the systems of the large corporation from that position.

In conclusion, cyberattacks on both individuals and SMEs have unfortunately become part of daily business. The number of such attacks continues to increase year by year, with no signs of abating. While SMEs are indeed highly attractive targets for cybercriminals, large corporations are not immune and are regularly affected as well. At Teichmann International (IT Solutions) AG, we are always available to advise you on risks and prevention strategies. In the event of a cyber incident, we stand ready to assist you promptly and comprehensively.