糖果派对

By Professor Jan Stentoft, Department of Business and Sustainability, Associate Professor Marco Peressotti, Department of Mathematics and Computer Science, and Assistant Professor Peter Mayer, Department of Mathematics and Computer Science, 糖果派对

Small and medium-sized enterprises (SMEs) play an important role in society by contributing to economic growth, job creation, innovation and exports. Around two-thirds of private-sector jobs are in SMEs. There are roughly 300,000 Danish SMEs, which employ about a million people.

Compared to large firms, SMEs tend to focus more on daily operations at the expense of improving business processes, have fewer financial and human resources, and know less about IT. And IT, in particular, poses fresh challenges as cyberattacks become more common.

Cybersecurity is about protecting systems, communication and data from unauthorised or hidden access, tampering, destruction and disruption. It’s also about making sure users, systems and devices are genuine.

Cyberattacks like ransomware can bring business operations to a halt, and data leaks can lead to large fines and compensation claims. Strong cybersecurity helps businesses stay up and running despite cyberthreats, which is crucial for maintaining trust with customers and suppliers.

Denmark is one of the most digitalised countries in the world. On one hand, this is good for competitiveness, but on the other, it makes individual companies more vulnerable to cyberattacks.

SMEs are digitally connected to many different players, like customers, suppliers, authorities, financial partners, service providers and IT suppliers. Each link is a potential weak spot.

Many mistakenly believe SMEs aren’t obvious targets for cybercriminals because they’re not big enough to be worth attacking. But all businesses are attractive to hackers, who can cripple operations and then demand a ransom to unlock data.

In fact, SMEs are increasingly being targeted by cybercriminals, who see them as easier prey than bigger firms with stronger security. At the same time, SMEs can be stepping stones for hackers to break into larger companies’ systems through their IT infrastructure or products.

Moreover, SMEs often handle sensitive customer data and business information. If compromised, this can damage their reputation and erode trust. In other words, a lack of cybersecurity can lead to major financial losses for SMEs.

Another reason cybersecurity matters is that data protection laws, like GDPR, are getting stricter. Failing to comply can lead to heavy fines and legal trouble, making it even more important to have solid security measures in place.

Investing in cybersecurity also makes an SME more resilient, helping it keep going despite cyberthreats and reducing the risk of business disruption.

As SMEs rely more on digital tools and online platforms, their exposure to cyber risks grows. That means that cybersecurity should be an essential part of their business strategy.

Protecting digital assets and ensuring the integrity and availability of online services should be part of routine risk management. There’s a strong case for SMEs to improve their understanding and handling of cybersecurity within a supply chain context.

A new research report on cybersecurity in Danish manufacturing SMEs, part of the Cybersecurity and Business Continuity project (www.cyber-smv.dk) and funded by the Danish Industry Foundation, reveals some interesting facts.

First, one in five SMEs has been hit by a cyber attack in recent years. Second, while businesses are generally aware of cybersecurity, they also seem to have strong internal coordination between departments, from sales to production, procurement, IT and finance.

This is a solid foundation for boosting cybersecurity efforts, but awareness alone isn’t enough. Action is needed.

And not just within the company: security must extend throughout the supply chain. The study also shows that SMEs aren’t doing much to secure cybersecurity across their supply chains.

This includes managing cyber risks from suppliers and their products and services, setting security requirements in contracts, and making sure security agreements cover both ongoing business relationships and what happens after they end. There’s a need for tools and methods to help manufacturing SMEs take concrete steps on cybersecurity.

Looking ahead, there’s no sign that cyberthreats are easing – quite the opposite.

The rise of artificial intelligence gives cybercriminals new tools and methods, making cyberattacks more likely. Growing geopolitical and social tensions have also fuelled a rise in hacktivism, where attackers exploit security gaps to make political or social statements.

Disinformation is another growing threat, where false information is deliberately spread. These trends highlight the urgent need for better cybersecurity training.

SME boards, managers and staff must take cybersecurity seriously. A cyberattack is never more than a single wrong click away.

As mentioned earlier, SMEs often lack resources, which can make cybersecurity a challenge. But help is available through SME: Digital.

The paradox, though, is that few Danish SMEs are aware of public funding opportunities.

Another option is to strengthen security through the D-mark scheme, which is based on international standards and combines IT security with responsible data handling. SMEs can use the scheme’s self-assessment tool for free, though a fee applies if they go ahead with certification and monitoring.

Industry associations, local business support services and Denmark’s six regional business hubs can also provide advice. If they’re not already being offered cybersecurity guidance, SMEs should push to get it on the agenda. Online events on cybersecurity hosted by banks, consultants and trade organisations are another way to stay informed.

Cyber threats aren’t going away. They’re here to stay. And they’re evolving fast, with attacks becoming more advanced as they exploit the complexities of supply chains.

This is an area that needs to be prioritised – even in a busy workday. That’s why cybersecurity matters. For SMEs too.

The Danish version of this article was published in Jysk Fynske Mediers Erhverv+ on Thursday 22 August 2024.