Cybersecurity: Only something for "digital pioneers"?
For the fourth time, a representative study was conducted on the impact of the Corona crisis on digitalization and cybersecurity in Swiss SMEs. The research partners were Die Mobiliar, digitalswitzerland, Hochschule für Wirtschaft FHNW, Schweizerische Akademie der Technischen Wissenschaften SATW, Allianz Digitale Sicherheit Schweiz ADSS and gfs-zürich. For the study, 502 managing directors of SMEs with 4 to 49 employees in German-, French- and Italian-speaking Switzerland were surveyed by telephone from April 18 to June 13, 2023.
8 out of 10 SMEs entrust their digital infrastructures to external IT service providers and also seek advice from them in the area of cyber security. However, there has been little progress in implementing measures to protect against cybercrime.
"Digital pioneers" are doing more for cybersecurity - but there are fewer and fewer of them
The general level of information among respondents regarding cyber risks has improved slightly since the first survey in 2020. Slightly more than half (56 %) now feel rather or very well informed (2020: 47 %). The study results indicate that SMEs with well-informed executives are much more likely to implement measures to improve cybersecurity than respondents who consider themselves to be poorly informed.
Respondents who see themselves as "digital pioneers" are also better informed across the board, implement more measures and attach greater importance to the issue of cyberrisk (see chart 1). What is thought-provoking in this respect is that significantly fewer SMEs surveyed see themselves as digital pioneers in 2023 (12 percent) than a year ago (2022: 21 percent).
- One in ten SMEs (11 %) had already been successfully attacked by cybercriminals in such a way that considerable effort was required to repair the damage. More than half (55 %) of respondents who had already been attacked complained of financial damage. Around one-eighth (13 %) said they had suffered loss of customer data or damage to their reputation.
- According to the respondents, cybercrime is a serious problem (mean value of 4.7 on the 5-point scale). They also recognize the measures against cyberattacks as important (4.5). The more open-minded SMEs are about technology, the higher the rating of both the dangers and the need for measures.
- At 3.9 and 4.5 (on a scale of 5), the degree of implementation of the various measures surveyed is practically unchanged compared with the last two years. Digital pioneers have implemented more measures than early followers, and the latter more than late followers.
- As already noted in previous years, organizational measures are still implemented significantly less than technical measures. The two organizational measures implemented least frequently are regular employee training (2.9 on a scale of 5) and the performance of a security audit (2.8).
- About half (52 %) of respondents think it is somewhat or very likely that they will increase their security measures against cybercrime in the next one to three years. Those better informed on the topic of cybersecurity plan to take more measures against cybercrime (3.6 on the 5-point scale) than those less informed (3.0).
Working with third-party partners in the areas of IT and cybersecurity is a matter of course for many SMEs. Thus, a total of 79 percent of the companies surveyed trust at least one external IT service provider and are very satisfied with it overall (91 percent). However, only half of the respondents can confirm that their IT service providers have a recognized security certification (see chart 2).
The home office
The number of workplaces that SME CEOs describe as homeoffice-ready has declined for the fourth time in a row. The use of digital communication channels such as Skype, Teams or WhatsApp is also lower in 2023 than it was in 2022.
- Since 2020, the number of home office-ready jobs has decreased year over year. The number of SMEs where some or all employees can work from home has decreased from 67 % (in 2020) to 56 % (in 2023).
- In those companies where home office exists, 42 % of employees work partly or mainly at home. Geneva and Zurich stand out - as in the previous studies - as being particularly home office-friendly.
- In 2023, after the end of all pandemic measures, almost three quarters of respondents 73 % expect the home office share to remain the same in the long term. It seems that home office use has become established at the current level in most SMEs.
The results of the study on digitization and cybersecurity in SMEs make it clear that the more companies identify themselves as digital "pioneers," the more often they implement technical and organizational measures to strengthen cybersecurity in their company. However, while in previous years around one-fifth of the SMEs surveyed always saw themselves as digital "pioneers," in 2023 this figure is only around one-tenth.
Sources/Research Partners: Furniture, digitalswitzerland, School of Business FHNW, Swiss Academy of Engineering Sciences SATW, Alliance Digital Security Switzerland ADSS and gfs-zurich.
