Cybersecurity in SMEs in the Baltic Sea Region

In this paper we will explore and characterise the challenges and problems for SMEs in relation to cybersecurity. Firstly, we present an overview of the major cyber threats and attacks and the types of countermeasures that can be applied to prevent and detect cyber-attacks in organisations - with a particular focus on SMEs. Next, we will discuss and analyse what SMEs have been doing so far, based on published surveys and our own research, and how SMEs can prioritize their limited resources to address the challenges from cybersecurity. Finally, we will discuss how various policy initiatives can contribute to enhance cybersecurity in SMEs. Cybersecurity has become a serious challenge for businesses around the world. Distributed Denial of Service (DDOS), ransomware and other kinds of cyberattacks are happening more and more frequently, and for businesses they can lead to severe consequences, e.g., interruption of work processes and customer services, loss and compromising of data, violation of data protection and privacy laws, a lot of time wasted, and large costs. The ongoing process of digital transformation is affecting all businesses and organisations, large and small, and this puts further focus on the challenges related to cybersecurity. World Economic Forum has in 2019 recognized cybersecurity to be among the top 10 global risks (Heidt, Gerlach, & Buxmann, 2019). The EU has published a common strategy on cybersecurity (POLICY, 2020), and several major initiatives are being launched by the EU to increase awareness and protect critical infrastructure, e.g., the NIS2 (Network and Information Security 2) Directive (NIS2 Directive, 2020). In Denmark, research performed by PwC shows that business leaders see cybercrime as the most important challenge, more important than the pandemic and the climate change (Danish Business Authority, 2021)