Information Sharing

Many firms are afraid of publicly discussing cybersecurity issues, in particular details about breaches, as they fear negative publicity resulting from their perceived weakness in relation to cybersecurity. However, while this may be true in the past, this is no longer the case as many firms realize that they cannot deal with this issue by themselves.

The sharing of information in relation to cybercrime is key to SMEs to better understand the risks they face. Firms that hear about cybersecurity challenges, and how those challenges were overcome, from their peers will more likely take steps to secure their systems than if they were to hear similar details from industry reports or from cybersecurity surveys.

A key element in facilitating information sharing is with Information Sharing and Analysis Centers (ISACs), as outlined in our recommendations at the EU and National level. However, until ISACs are in place SMEs can use other mechanisms to share good practices for cybersecurity, alerting others to potential attacks, or how to recover from a breach.

Similar to neighborhood watch schemes in the real world, information sharing networks in relation to cybersecurity, can quickly improve security for all. SMEs can look to existing bodies to facilitate this information sharing. Bodies such as chambers of commerce, industry representative bodies, or local business associations all provide a useful platform to facilities information sharing and education. These bodies could also engage with cybersecurity experts to address their members at meetings or conferences to ensure they are aware of the latest threats and the good practices that SMEs can employ.