SME cybersecurity: more awareness needed
Swiss SMEs still underestimate the risk of cyberattacks. To reduce such risks more significantly, however, more awareness-raising measures and preparation for emergency scenarios are needed, as ZHAW and Allianz Suisse conclude in a joint study.
According to a study by ZHAW and Allianz Suisse, many SMEs still underestimate the risk of cyberattacks on their own company. In order to increasingly reduce such risks, more awareness-raising measures and the preparation of emergency scenarios are required. Seriously, according to the study, employees often do not consider their own company important enough to be "a worthwhile target." This attitude can lead employees to be insufficiently vigilant.
Employees often feel helpless in the event of an attack
However, cyber criminals often take advantage of precisely this opportunity and try to infiltrate the company system via malware or obtain passwords. Especially in this day and age, when more employees are working from home, the risks are increasing. In most cases, technical aspects such as external access to the corporate network play a role. On the other hand, direct communication with employees is also more difficult, which makes employees more susceptible to suspicious emails.
Companies should actively involve employees
Employees often feel relatively helpless when an attack is detected and assume that specialists will help anyway, the report concludes. However, the results of the study also show that SMEs generally have a good corporate culture with a strong focus on solutions, and that employees often want to help in dealing with a loss event.
The authors of the study make a number of recommendations: These include more information measures within SMEs to raise awareness. Furthermore, companies should develop strategies to cope with possible attacks and failures of IT systems and train for these scenarios. The study concludes that companies should actively involve their employees in developing appropriate solution strategies.
According to the ZHAW, the study used the so-called "deep metaphor interview technique," which required respondents to select different images to explore perceptions and attitudes toward various aspects of cybercrime.
Source: ZHAW
