Small and medium-sized enterprises (SMEs) are the backbone of the EU's economy. They represent 99% of all businesses in the EU and employ around 100 million people. They also account for more than half of Europe’s GDP and play a key role in adding value to all sectors of the EU economy. They serve both as enablers for the digital transformation and as a core element of the EU social fabric. More information is available in the European Commission SMEs report.

The Covid-19 pandemic forced SMEs to rethink their digital mindset. They had to take business continuity measures such as adapting to cloud services, upgrading their internet services, improving their websites, and enabling staff to work remotely. ENISA interviewed European SMEs during the pandemic, the most common cyber incidents identified were ransomware attacks, stolen laptops, phishing attacks and CEO fraud. Of the SMEs, ENISA surveyed, 90% stated that cybersecurity issues would have serious negative impacts on their business within a week of the issues happening, with 57% saying they would most likely become bankrupt or go out of business.

In a time of increased remote work and growing cyber threats, SMEs are facing major Cybersecurity challenges. Low-security budget, lack of cyber-skills and increase in cyber-attacks can seriously impact SME's competitiveness and compromise event the value-chain they are connected to. This is why is fundamental for SMEs to start taking the right steps to secure their business.

Highlighted Publications

1
Report Cybersecurity for SMEs

2
Cybersecurity Guide for SMEs

3
SecureSME Tool

ENISA's role

For nearly 15 years, the EU Agency for Cybersecurity has been pushing forward cybersecurity initiatives to assist SMEs to integrate cybersecurity into their digital environments. Starting in 2006 and 2007, the Agency published two Information Package for SMEs reports, providing risk assessment and management methodologies for SMEs. In 2010, the Agency published the Business Continuity for SMEs report to help facilitate IT knowledge transfer to SMEs. In 2015, the Cloud Security Guide for SMEs report was released to assist SMEs to understand the security risks and opportunities regarding cloud services. Two years later, the Agency published the Guidelines for SMEs on the security of personal data processing.

With the COVID-19 pandemic, the EU Agency for Cybersecurity has started to monitor and analyse the ability of SMEs, within the EU, to cope with the cybersecurity challenges in this changing environment. The Agency provides also advice and good practices on cyber hygiene and risk management to help SMEs protect themselves from cyber risks and attacks. The Agency also proposed actions that Member States should consider to support SMEs improve their cybersecurity posture.

The EU Agency for Cybersecurity released a series of tips to help businesses face the rapidly changing digital sphere during the pandemic: Tips for selecting and using online communication toolsTips for cybersecurity when buying and selling onlineTips for cybersecurity when working from homeTop ten cyber hygiene tips for SMEs during COVID-19 pandemic. The EU Agency for Cybersecurity and the National Cyber Security Alliance published a joint checklist for SMES in November 2020, offering businesses on both sides of the Atlantic a basic guide to maintaining digital security. In 2021, ENISA focused in producing structured publications to support SMEs in securing employees and businesses from cyber-attacks: the report Cybersecurity for SMEs - Challenges and Recommendations, the Cybersecurity guide for SMEs - 12 steps to securing your business and the SecureSME Tool.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information