The development of the resilience of small businesses in the Netherlands is lagging behind the speed at which cybercriminals develop new attack methods. This leads to a resilience gap between the threat and the protection of companies.
This is according to research by the Digital Trust Center (DTC). The fact that digital resilience is not yet in order everywhere is due to the fact that basic measures are not being implemented sufficiently. The DTC refers to things like logging in in two steps and making and testing backups.
DTC Benchmark Survey
The Digital Trust Center (DTC) has commissioned research into the use of various cyber security measures by Dutch self-employed persons without employees and (small) SMEs with and without an IT service provider. A total of 766 self-employed persons and SMEs (up to 25 employees) took part in the survey. The results show that self-employed persons and SMEs are taking measures to protect their companies. For example, 4 out of 5 self-employed persons and SMEs indicate that antivirus software is installed. More than 4 out of 5 self-employed persons and SMEs also think they can easily recognize phishing. Not all measures are being taken sufficiently. It is striking, for example, that logging in in 2 steps, also known as two-factor authentication, is one of the least complied with measures among self-employed persons and SMEs. 60% of SMBs say they have two-factor authentication enabled on all business applications. Among the self-employed, this percentage is 44%.
Freelancers have more insight
Although the self-employed group scores lower on average for taking cyber security measures, this group has more insight into the measures taken than the SME group. In the SME group, it is more often unclear whether certain measures have been taken or not. A striking difference between the two groups is that SMEs more often have a call list for digital emergencies, while this is one of the least complied with among self-employed persons. Compared to SMEs, self-employed persons also test less often whether their backup actually works if necessary.
Influence of IT service provider on measures taken
9% of the self-employed have engaged an IT service provider. This is 64% for SMEs. If we look at the differences between the two groups with and without an IT service provider, it is striking that self-employed persons without an IT service provider indicate more than twice as often that they have tested whether backup works (57% of the self-employed without an IT service provider versus 26% of the self-employed with an IT service provider). Also, considerably more self-employed persons without an IT service provider (30%) have made a risk analysis than self-employed persons with an IT service provider (8%).
“It is often thought that small businesses are not interesting targets for cybercriminals. Wrongly. A cyber attack very often affects systems that are insufficiently protected. Fortunately, there are many things you can arrange yourself today to protect your company. With the CyberVeilig Check, we can ensure that the resilience gap narrows a bit,” says Michel Verhagen, manager of the DTC.
Based on these results, the DTC is today launching an awareness campaign about cybersecurity measures that entrepreneurs can quickly implement themselves. The aim of this campaign is to encourage self-employed persons and SMEs to take quick action to increase their resilience.
The message DTC: ‘Many small companies do not have resilience in order’ appeared first on ChannelConnect.