• Thursday, December 05, 2024
businessday logo

BusinessDay

Understanding cyber risk in the age of digital transformation for SMEs

Understanding cyber risk in the age of digital transformation for SMEs

As more small and medium-sized enterprises (SMEs) increasingly embrace digital transformation, the promise of efficiency, growth, and customer convenience shines bright. With the ICT sector contributing almost 20 percent to Nigeria’s GDP and forecasts suggesting the digital economy could hit $18.3 billion by 2026, there’s no denying the growth potential. From embracing cloud services and online payment systems to engaging customers through social media and mobile apps, SMEs are increasingly leveraging technology to scale their operations and stay competitive. Yet, as Nigerian SMEs ramp up their digital activities, cyber risks increase alongside these opportunities. However, here’s a question every business owner needs to ponder: in this fast-paced digital world, is your business actually safe?

Cybersecurity is often regarded as a “big company” problem. Many small business owners believe they’re too small to attract cybercriminals, or they assume they don’t have the budget for robust cybersecurity measures. This couldn’t be further from the truth. In reality, small businesses are some of the easiest and most lucrative targets for cybercriminals because they often lack the necessary safeguards. A recent report by Verizon underscores this, revealing that 46 percent of all cyberattacks target small and medium-sized businesses. For hackers, SMEs represent low-hanging fruit that often go unnoticed—until it’s too late. In fact, Nigerian SMEs experienced an 87 percent increase in phishing attacks in 2022, compared to 37 percent in 2021. Additionally, Nigeria saw a 7 percent increase in ransomware attempts in the first half of 2023 compared to the previous year, according to Kaspersky. These figures show that ignoring cybersecurity can be costly for SMEs in an increasingly digital-first landscape.

Why SMEs are at greater risk today

Cyber risks have grown alongside digital adoption. Today, cybercriminals don’t need to conduct grand-scale attacks to profit; they know that many SMEs lack strong cybersecurity defenses, making them easy prey. And it’s not just hackers looking for massive data breaches. Increasingly, attackers are launching small-scale, highly targeted attacks aimed at extracting quick payouts. Cybercrime is a persistent challenge in Nigeria, with Nigerian businesses reportedly enduring an average of 2,560 cyberattacks per week, according to industry experts. Ransomware, phishing scams, and payment fraud have skyrocketed in the SME sector because these businesses are generally underprepared. With reports stating Nigerian businesses are among the most vulnerable, with ransomware attacks affecting nearly 71 percent of businesses.

Imagine what a ransomware attack could do to a small business. You wake up one day, fire up your laptop, and are greeted by a message demanding payment to unlock your files. Suddenly, all your customer data, order lists, contracts, confidential information, and financial records are held hostage. Many SMEs, unable to afford extended downtime, often end up paying the ransom, which only emboldens attackers to go after similar targets.

The high cost of digital insecurity

Now, let’s talk numbers. Global cybercrime costs are projected to exceed $10.5 trillion in 2024, according to recent reports. Nigeria, alongside South Africa, Egypt, and Kenya, accounts for 60 percent of the $4 billion annual cost of cybercrime in Africa, with Nigerian losses estimated at around $2.4 billion annually, and that’s just the financial toll. For a small business, this can mean the difference between survival and bankruptcy. There’s also the damage to reputation and trust. Losing a customer’s data could mean losing their trust—and possibly future business. Unfortunately, small businesses don’t always recover from this loss. The Cisco 2023 Cybersecurity Readiness Index shows that 73 percent of consumers say they would stop doing business with a company that has had a data breach, a huge risk for SMEs that rely heavily on customer loyalty.

Despite the risk, a lot of SMEs continue operating under the assumption that they’re “too small to matter.” But here’s the kicker: the majority of cyberattacks happen not because businesses are specifically targeted but because they’re simply vulnerable. An automated hacking tool scanning the web for weak points doesn’t care whether a business is big or small. It cares about how easy the target is. As Nigeria saw a 64 percent increase in data breaches in the first quarter of 2023, according to Business Insider, it’s clear that being small or local doesn’t mean being safe. The risks are real, and the consequences can be devastating.

Building resilience on a budget

So, what can a small business do? Yes, it is true budgets are tight. But strengthening your cybersecurity doesn’t have to break the bank. It’s about making thoughtful investments in the right areas and understanding that even small steps can make a big difference.

Start by strengthening your basics. Enable two-factor authentication (2FA) across all accounts. This is a simple step that makes it significantly harder for hackers to break into accounts, even if they have somehow got a hold of your password. Next, train your team—cybersecurity isn’t only a tech issue; it’s also a people issue. Studies show that human error contributes to 95 percent of cybersecurity breaches, which highlights the importance of employee training. Many cyberattacks succeed because someone accidentally clicks on a malicious link or downloads a harmful attachment. By providing basic training on how to recognise phishing emails and suspicious links, you can reduce the risk of human error.

Regular backups are also crucial. In the event of a ransomware attack, having a recent backup means you won’t have to pay to get your data back. Recognising the need for stronger defences, even major Nigerian financial institutions are ramping up their investments in cybersecurity and technology. For example, GTBank, Access Holdings, Zenith Bank, and Fidelity Bank are channelling portions of their capital raise proceeds—up to 20-26 percent—toward technology upgrades and cybersecurity. While banks might have larger budgets, the message is clear: investing in security is essential for resilience. SMEs, too, can take similar steps within their own means. Consider investing in reputable security software; there are solutions designed for small businesses that won’t hurt your wallet. And this investment could potentially save you from a devastating loss.

A business responsibility, not an IT problem

Cybersecurity should be viewed as a fundamental part of running a business, not as an added IT expense. Just like you wouldn’t leave your shop’s doors unlocked overnight, you shouldn’t leave your digital doors open for anyone to walk in and grab anything they want. Cybersecurity today is a matter of business survival, particularly in a digital-first world.

Ultimately, understanding cyber risk and prioritising cybersecurity measures is an investment in your company’s future. The digital transformation journey can open incredible doors for SMEs, helping them reach new customers and deliver better services. But with these opportunities comes a responsibility to protect the digital assets, data, and trust you build along the way. The commitment of Nigerian banks to allocate significant portions of their capital toward cybersecurity (N205.98 billion) underscores that cyber resilience is a business priority. SMEs can apply the same principle on a smaller scale, treating cybersecurity not as an added expense but as a crucial component of business strategy. Embracing cybersecurity is not about fear—it’s about being proactive, informed, and resilient. The stakes are high, but so are the rewards for those who prepare.

So, the next time you consider expanding your digital presence, ask yourself: Is my business truly safe? If the answer isn’t a confident “yes,” then it’s time to make cybersecurity part of your business plan. Because in today’s world, every business is in the business of cybersecurity.

Jonathan is a Cybersecurity Architect with years of experience working with SMEs and large enterprises. He can be reached at [email protected]

Join BusinessDay whatsapp Channel, to stay up to date

Open In Whatsapp