Why cybersecurity is a crucial building block for the successful SME

Innovation projects are on the rise among Belgian SMEs. Businesses are fully automating their processing, focusing on new technologies or developing digital tools. Your business is increasingly part of a digital and online ecosystem, in which systems and networks connect everything and everyone. But is your business cybersecure?

In the past year, the corona crisis has only accelerated the digital transformation. Many entrepreneurs have invested in new technology. However, digitalization is inextricably linked with cybersecurity. In the annual EY Global Information Security Survey, 59% of organizations questioned indicated that they had been the victim of a cyber incident in the previous year.

So make cybersecurity an integral part of your digital transformation program. More than that, include cybersecurity at the planning phase of every new initiative.

Here are the main reasons for doing so:

1. Continuity of core processes

Ten years ago, a cyberattack may not have had much impact on your operations. At worst, IT functions would be down for a day or two. Operational activities would continue, albeit less efficiently. Today, a targeted cyberattack paralyzes entire businesses and organizations. Technology is increasingly a fundamental part of core processes and service provision. Automation connects production environments with digital tools, allowing you to control machines and installations remotely. That fact hasn’t escaped cybercriminals. Failing to integrate cybersecurity in your operational activities means you are effectively waiting for a hacker to pull the plug.

Technology is increasingly a fundamental part of core processes and service provision. Yannick Scheelen, EY Belgium Consulting Cybersecurity and Privacy Senior Manager

2. Financial and economic loss

Cybercriminals often see SMEs as an easy target, because these companies tend to focus on the operational growth of their business rather than how cybersecure that business is. Criminals direct their attacks primarily at your company’s employees. About 44% of these cyberattacks involve phishing. People are too often the weakest link and sometimes leave the door wide open to cybercriminals. Now that employees are increasingly working from home because of the corona crisis, attention can lapse in the “secure” home environment. For example, the number of phishing attacks during the first lockdown grew by no less than 667%. There was also an increase in so-called whale phishing, in which criminals send an email or WhatsApp message to board members for financial gain. If you fall into this trap, before you know it you’ve transferred money to criminals or given them access to crucial corporate information and systems, with serious financial losses as a result.

3. Service provision in a wider supply chain

The sectors in which your clients work, often combined with the applicable legislation, define the cybersecurity requirements. As an SME, you are often part of a wider supply chain. It is therefore important that you demonstrate to clients that your services operate in a cybersecure manner to ensure business continuity and deliveries. Think of TISAX, a de facto cyber standard in the automobile sector that guarantees a stable and secure supply chain, or the European legislation for the security of critical infrastructure against cyberattacks. You might not be a supplier of drinking water yourself, but if you ensure the maintenance of a water purification installation, you may also have to comply with the applicable cybersecurity legislation.

It is equally important that you don’t become a gateway for criminals to your clients. Cybercriminals often see SMEs as an easy target to gain access to larger companies for whom the SME works. Larger companies therefore focus heavily on the cybersecurity of their third parties and suppliers to protect themselves against attacks. SMEs that don’t meet these demands may well find themselves looking for a new contract.

4. Trust in the market and a strong reputation

Regardless of sectoral and regulatory aspects, businesses in general place higher demands on their suppliers in terms of cybersecurity. As an SME, if you are the victim of a major cyberattack it will undoubtedly have a negative impact on your reputation and weaken your position in the market. So by investing in cybersecurity, you not only make your business more robust against attacks, you also set yourself apart from the competition.

It gives your clients confidence in the way you treat their data in terms of security and privacy. It also increases the quality and continuity of your service provision and therefore the reputation of your business in the market. Consequently, cybersecurity is an important factor in your success. How you deal with a cyber crisis determines the trust you get from clients and the market.  Koen Machilsen, EY Belgium Consulting Cybersecurity and Privacy Director

5. Resilience and rapid recovery

It is impossible to make a business 100% cyber-secure, but you can significantly reduce the potential risks by implementing technical and organizational measures. This also means building in the right processes to deal with a possible cyberattack. That way, you make your SME resilient, remain in control and can quickly restart business-critical processes. How well you deal with a cyber crisis can undermine the trust you get from clients and the market.

Cybersecurity, the cornerstone of your growth program

Cybersecurity is a crucial building block in the digital growth program of every SME. It is a defining factor in strengthening relationships with existing clients, winning the trust of new clients and creating peace of mind within your own company. Businesses that embrace cybersecurity from the beginning and throughout the lifecycle of each technological initiative are paving the way to a successful future.

Getting started with cybersecurity can seem complex and often overwhelming. Our experts will be happy to give you the right building blocks to increase the cybermaturity of your business, tailored to your organization and services.

The Belgian Cybersecurity team is part of a worldwide network of 5,000 cyber specialists with a wide variety of understanding and in-depth sector expertise. Our technical experience is combined with thorough knowledge of the latest developments in privacy, ransomware and phishing. EY is a leader in Europe in terms of digital identity and authentication, as well as operational technology.