Marsh & McLennan Advantage Insights logo
Conversations and insights from the edge of global business
Menu Search

BRINK News is transitioning to This Moment platform on as of March 31, 2023. Read the update here.


Cyber Risk Awareness Rises for SMEs

An increasing number of small- and medium-sized enterprises (SMEs) are realizing that no company is too small be victimized by hackers, according to a recent report.

Just 10 percent of SMEs surveyed this year thought their businesses were too insignificant to be targeted by hackers. The percentage thinking this has almost halved since last year (17 percent in 2015), according to Zurich Insurance Group, which conducted the survey of 2,600 C-suite executives and managers across 13 countries in Europe, the Americas and Asia-Pacific.

SMEs are vital to the global economy and dominate the business landscape. Estimates suggest that 95 percent of all businesses in the world are classified as SMEs. In addition, these companies account for nearly 60 percent of all private sector jobs. The economic contribution from SMEs is substantial but varies widely, from 16 percent of gross domestic product (GDP) in low-income countries to 51 percent in high-income countries.

The biggest fears resulting from cybercrime among those surveyed were the theft of customer data (27 percent) and reputational damage (20 percent). Those fears were followed by monetary theft (15 percent), business disruption (15 percent) and malicious identity appropriation (12 percent). The fastest-growing cybercrime concerns came in the areas of reputational damage and monetary theft, both rising 4 points compared with last years’ survey, Zurich said.

SMEs also appear to be less confident that they have enough protection in place to thwart cybercrime, as confidence in IT systems fell to less than 5 percent from 8 percent last year.

“With the number of high-profile cybersecurity breaches in the media over the last year, it is not surprising that the risk awareness amongst SMEs has grown significantly,” said Lori Bailey, Global Head of Special Lines at Zurich, in a statement, noting that it’s “alarming that the vast majority of SMEs do not have the appropriate cybercrime protection measures in place.”

The dramatic changes brought on by technology are impacting businesses, infrastructure and systems globally, Bailey said, which are “resetting the traditional expectations of risk management and its approaches across companies of all sizes.”

Global attitudes towards cyber risk are revealing; however, there are significant regional differences in those attitudes.


Reputational damage appeared as fast-rising concern stemming from a cyber attack for European companies, landing in third place on the list of concerns, up from sixth place in 2015. The leading concerns of European SMEs are theft of consumer data and reputation damage (26 percent and 16 percent, respectively), which falls in line with the global trend. In addition, 17 percent of European SMEs worried that cybercrime would lead to business disruption of some kind.

United States

U.S. businesses were most concerned about theft of customer information and monetary loss (23 percent and 21 percent, respectively). While concerns about reputational damage increased from 10 percent in 2015 to 15 percent in 2016, of all the regions surveyed, U.S.-based SMEs still remain the least concerned about the issue. Meanwhile, worries over the malicious use of identity from a cyber breach dropped from 16 percent in 2015 to 12 percent this year.

Latin America

Concerns about reputational damage are on the rise in Latin America, up to 23 percent from 19 percent in 2015. The fastest-growing concern in the region stems from a fear of third-party lawsuits related to a cybercrime, which tripled year-on-year to 6 percent versus 2 percent in 2015. “One reason for the concern is that 6 percent of businesses [in the region] still believe they have fully functioning cyber protection measures in place, but the percentage of those that think this way nearly halved compared with 2015,” Zurich said. However, 10 percent of Latin American SMEs haven’t given thought to the ramifications from a cyber attack and currently have no opinion on it, the survey said.


Among all the regions surveyed, Asia-Pacific is the most concerned about the potential for reputational damage (32 percent). The same percentage of SMEs are worried about potential theft of customer data. “It is remarkable to note,” Zurich said, that concerns about monetary loss among those SMEs surveyed in Asia-Pacific more than doubled in 2016 compared with last year. As a sign of increasing awareness about cyber attacks, 10 percent of SMEs in the region believed they were too small to be the target of hackers, compared with 23 percent that held that belief in last year’s survey.

Get ahead in a rapidly changing world. Sign up for our daily newsletter. Subscribe