The European Commission has conducted a study on the impact of cybercrime on small and medium-sized enterprises (SMEs). The results, which should inform the police, were not released until 12 May. From November 26, 2021 to December 17, 2021, 501 interviews were conducted with French companies.
Hacking bank accounts, the first threat
SMBs are likely to be “very concerned” about hacked or attempted hacking of online banking accounts (29%), phishing, account hijacking or identity theft (28%) on the same level as viruses. spyware or malware (excluding ransomware). followed by unauthorized access to files or networks (23%). Overall, the French average is below the European average. For example, 22% of European SMEs said they were concerned about ransomware, compared to 16% of French companies.
In fact, 19% of French SMEs say they experienced at least one cyber incident (ransomware, phishing, unauthorized access to files or networks, viruses, denial of service attacks, etc.) during 2021 . below the European average, which is 28%. This does not automatically mean that they suffered less. They may detect them worse.
In terms of the consequences of this cyber incident, French SMEs responded with 33% that they had incurred additional work required to respond to the attack, 20% with the inability to use resources or services, and 20% also with the inability for employees to perform their daily tasks. .
33% did not plan anyone after the attack
More worryingly, 33% of the companies surveyed responded that they had not reported a security incident to anyone (compared to the European average of 44%). Proof that attacks are still far from being reported. Police and merchants or service providers are second only to the Internet Service Provider (ISP).
Most respondents believe that their employees are reasonably well informed about the risks associated with cybercrime. However, 88% of them did not offer any training or awareness about the risks of cybercrime (compared to 79% on average in Europe) during 2021. Being an easy target, such inattention should be alarming in the context of the explosion and the sophistication of computer attacks.