Twenty-eight percent of small and medium-sized enterprises (SMEs) in the European Union experienced at least one type of cybercrime in 2021. The situation of Czech SMEs is a bit worse than the average in the twenty-seven EU countries; indeed, 38% of them had an experience with some form of cybercrime. The worst situation was in Portugal (48%), and the best situation was in Sweden (15%). Despite these facts, managers at Czech organisations believe that their employees are well aware of cybercrime risks. This is the conclusion of the latest Eurobarometer survey conducted near the end of last year. More than 12,800 SMEs participated in the survey from across the EU –including 504 from the Czech Republic.
The types of cybercrimes SMEs are most likely to be concerned about are the hacking (or attempts to hack) of their online bank accounts (an EU average of 32% vs 39% for the Czech Republic); phishing, account takeover, and impersonation attacks (an EU average of 31% vs 38% for the Czech Republic); and viruses, spyware, and malware (excluding ransomware) (an EU average of 29% vs 34% for the Czech Republic). As can be seen, the concerns are always a bit greater for Czech SMEs.
“Out of the eight available cyber threats that concerned them the most, Czech enterprises chose ransomware as the last option; however, ransomware should not be underestimated. Data is vital for any business operation, and its loss may possibly lead to a company’s collapse,” says Martin Lohnert, a cybersecurity specialist at Soitron, in commenting on the survey results.
When asked about the most prevalent impact on their business, 51% of Czech organisations said that it was the additional time required to respond to cybercrime incident(s) as opposed to an EU average of 35%. Thirty-one percent of Czech organisations mentioned repair and recovery costs – as opposed to an EU average of 24% – and 23% of Czech organisations mentioned an attack preventing employees from carrying out their day-to-day work as opposed to an EU average of 20%.
So, what are organisations doing to prevent such attacks? When asked how well employees were informed about cybercrime, the survey respondents answered that 15% of employees were very well informed and that 47% were fairly well informed. These results are close to the EU average. The degree of certainty that companies do their best when it comes to employee training is high. In spite of this, attacks do occur very often – and the reason is clear. Only 19% of SMEs in the EU have organised training or awareness raising about the risks of cybercrime in the last twelve months. In the Czech Republic, only 15% of organisations have done so.
The survey results also highlighted the fact that, with a few exceptions, companies hardly ever report disruption incidents or conducted attacks; indeed, 68% of companies did not do so % for the Czech Republic. The most common reason provided by Czech companies for not reporting an incident was that they had dealt with the incident internally. In the EU, 52% of companies report these incidents, most often to the police (18% of all incidents). In the Czech Republic, only 11% of companies do so. “Not reporting an attack attempt or an actual attack is not only a very bad choice, it also supports cybercriminals in their activities. If companies report the incident (we recommend reporting it to the National Cyber and Information Security Agency), they can prevent more extensive damage to their own organisation and warn others about the same attack in time,” explains Lohnert.
When a cybersecurity incident is reported, government team experts are ready to provide technical assistance and advice on further preventive measures. If it is found that the incident has targeted multiple entities, they are ready to coordinate joint actions to combat the attack.
The pandemic uncovered new cyber security challenges. Many SMEs have had to adopt new measures, implement cloud services, upgrade their online services, and allow employees to work remotely. All of that just to survive the pandemic and continue in their business. “Subsequently, this has led to an increase in the activities of cyber-attackers. We all need to better respond and, above all, prepare employees,” concludes Lohnert.
We are in the process of finalizing. If you want to be redirected to our old version of web site, please click here.