Illusory Security. Small and Medium Enterprises Easy Targets for Cybercrime

illustration: bing.com/create

The main reason for these fears is the increasing number of cyberattacks and the fact that these companies process large amounts of personal data, making them an attractive target for criminals.

Where Do These Fears Come From?

• 59% of companies point to frequent, successful cybercriminal attacks as a cause for concern.
• 29% highlight the processing of large amounts of personal data.
• 26% believe they are an attractive target for data thieves.

At the same time, as many as 65% of entrepreneurs claim they are not worried about data theft. The primary reason given is good computer security (50%). Some companies believe they do not process a large amount of personal data (39%) or that they are not an attractive target for hackers (35%).

Attractiveness of SMEs for Hackers

In Poland, the SME sector employs 7.3 million workers, providing hackers with just as many potential victims. The vast majority of these companies (83%) store personal data in digital form, and 50% exclusively in electronic form. This data includes names, surnames, PESEL numbers, phone numbers, and addresses. Meanwhile, 38% of micro-enterprises store employee data on the owner`s computer, while medium enterprises do so on accounting computers (44%).


It is surprising that 90% of companies in the SME sector declare that they properly protect their employees` data. The most confident are small (55%) and micro-enterprises (54%), which claim to have effective security measures. However, as many as 65% of the smallest companies do not regularly update their antivirus software. Medium enterprises also do not fare much better, as 44% of them neglect this basic principle of cybersecurity.

Data Protection Methods

Most companies in the SME sector secure their data using traditional methods:

• 51% limit access to documents only to authorized persons,
• 40% secure files with passwords,
• 36% have alarms or anti-burglary doors,
• 35% install up-to-date versions of antivirus programs.

Less popular methods include storing paper documents in safes (28%) and using remote locking in case external drives are lost (26%). The least frequently used methods involve default blocking of USB ports (19%) and requiring employees to regularly change their passwords (21%).

Experts warn that the lack of regular updates to antivirus software exposes companies to risk. Kamil Sztandera from ChronPESEL.pl, quoted by Newseria Biznes, notes that this illusory sense of security leads to underestimating threats, and SMEs may become easy prey for cybercriminals.