Study: Cyber attacks are a real threat to Swiss SMEs

Online shops are most at risk, with 58 percent reporting a cyber incident in the past. For them the attack also very often led to an interruption of their business. Overall, two out of five SMEs surveyed have already fallen victim to a cyber incident. Most of them were infected by a virus.

In general, the cyber attacks usually took place as a result of a phishing e-mail (44 percent). The second most frequent cause cited was accessing an unsecured website (21 percent). For most of the affected SMEs the direct costs are low, but 60 percent report that they had medium to high indirect costs, for example the expense of correcting the damage or for external IT service providers. 

"From the perspective of the Swiss SMEs, cyber attacks are a risk that must be taken seriously,” explains Anja Eberlein, Senior Manager Market Research at Zurich. "Above all, they fear the consequential costs of cyber attacks”

SMEs with between 10 and 50 employees are particularly at risk. For them, the blocking of access to their data would have the most serious consequences (36 percent anticipate a total interruption of business). 72 percent of them also believe that cyber attacks like "Wanna Cry" will become more frequent in future, but that they are inadequately protected against them.

When an attack has been discovered, most SMEs (52 percent) contact a local IT service provider. In the case of companies with fewer than 10 employees, this figure is actually 63 percent. Larger business with 50 or more employees resolve the problem with their own in-house IT specialists.

Almost all the SMEs surveyed take technical precautions. They organize regular data backups and they have installed a firewall or an anti-virus program. In the case of the other activities to protect against cyber attacks there are, however, some major differences. The smaller the business, the less likely its employees are to have been informed about the risks of cyber attacks: In the case of micro-enterprises with fewer than 10 employees, this happens in less than half of them (46 percent). Only one in four firms from this category offer proper training. 

“The SMEs have a lot more potential in this respect, particularly the smaller ones,” comments Anja Eberlein. “Because almost all cyber attacks are only made possible as a result of the inattention of an employee. With alert employees, many attacks can be successfully averted.”