1st cybersecurity barometer for SMEs in Hauts-de-France

• 80% of SME managers in the region consider their company's cybersecurity to be very important, if not vital.
• 4 out of 5 SMEs do not have an in-house cyber expert, and only 5% plan to recruit one by 2023.
• 2/3 of SMEs say they have no dedicated insurance to cover this risk.
• In the event of an attack, almost 90% of managers expect to turn to the Gendarmerie or the Police to help manage it.
• In order to invest more, managers expect tools adapted to the size and stakes of their company (60%) or financial aid (47%).

CAMPUS CYBER Hauts-de-France Lille Métropole and EC Tech, in partnership with Hauts-de-France Innovation Développement (HDFID), unveil the findings of the 1st Cybersecurity Barometer* survey of SME managers in the Hauts-de-France region. The aim of the survey is to assess the current cybersecurity situation within the region's small and medium-sized businesses, and to identify the support actions needed to strengthen their protection.

The results of the barometer highlight the crucial importance of cybersecurity for SMEs in the Hauts-de-France region. In fact, 80% of business leaders consider cybersecurity to be very important (49%) or even vital (30%). These figures underline the growing awareness of the risks associated with digital security.

The study also reveals that 15% of SMEs surveyed had, to their knowledge, fallen victim to a cyber attack in 2022. These attacks took a variety of forms, the three main ones being: fraudulent transactions, disabling or altering company communication tools, and destroying, modifying or altering data. The top three attack methods used were phishing, identity theft and indirect attacks via the IT systems of partners, service providers or suppliers.

The main consequences of these attacks identified by the executives surveyed were an impact on the company's business and finances, as well as on its image and operations.

Varied prevention strategies, but resources often outsourced

Despite these risks, and despite a real awareness of them, the barometer reveals that the majority of SME managers in the region delegate the task of preparing for this risk. In fact, 81% of them do not have their own in-house cybersecurity specialists.

To date, only around a third have carried out a cyber audit, and 58% rely on external service providers to handle their online protection. The most current expenditure is on software and hardware (69%), and efforts have been made in terms of employee awareness and communication campaigns (57%).

By 2023, SME managers expect to be working internally on cybersecurity-related issues (72%), notably through employee awareness campaigns (65%).

The barometer results show that SMEs need additional incentives to invest more in cybersecurity. The main expectations mentioned include technical tools adapted to the size and stakes of the company, subsidies or financial incentives, as well as personalized support from qualified players.

Insurance, the cyber blind spot for SMEs

As far as insurance is concerned, over 2/3 of SMEs surveyed have not yet taken out a specific cybersecurity insurance policy. The main reasons cited include reduced insurance coverage, high premiums or deductibles, refusals or high requirements on the part of insurers, and a lack of awareness of the usefulness of insurance.

In the event of an attack, SME managers would turn to the Gendarmerie and the Police (88%), their external IT service provider (25%) and only 16% of respondents would turn to their insurance.

The results of the 1st Cybersecurity Barometer for SMEs in the Hauts-de-France region indicate the need to strengthen awareness, information and resources dedicated to cybersecurity within the region's SMEs. Concrete actions, such as awareness campaigns, tailored training and financial support, are essential to improve SMEs' resilience and online protection.

"The results of this barometer show that cybersecurity has become a real issue for the vast majority of our SMEs. This awareness is a welcome development, because in an increasingly digital and interconnected world, the risk is growing, sometimes with dramatic consequences. Nevertheless, we need to continue and even step up our awareness campaigns, and above all enable all organizations, whatever their size and activity, to protect themselves. Today, there are many systems and solutions within their reach. The CAMPUS CYBER Hauts-de-France Lille Métropole is there to help and support SMEs and their managers in these steps, and to provide them with the elements they need to ensure their cyber security". Florence Puybareau, Director of Operations, CAMPUS CYBER Hauts-de-France Lille Métropole

"SMEs are facing ever-increasing cyber security challenges. These challenges concern them not only in terms of their internal security, but also in terms of their ability to remain credible in this area in a subcontracting relationship.

ECTech's ambition is not only to help disseminate best practices among regional SMEs, but also to participate in the implementation of a cyber certification system that will enable companies to attest to their awareness of all cyber risks". Jean-Pierre Letartre, President of ECTech

"Cybersecurity has become a major issue over the years for all manufacturers in the Hauts de France region. HDFID is making its contribution by supporting companies via the Pass Cyber Conseil. This enables beneficiary companies to deploy an efficient IT security organization, by means of audits or technical assessment studies and recommendations". Antoine Macret, Director at Hauts-de-France Innovation & Développement.

_{*Methodology: The Cybersecurity Barometer for SMEs in Hauts-de-France is based on a questionnaire sent to the region's SME managers, via the ECTech and HDFID networks, between February and March 2023. 74 SME managers took part.}

About CAMPUS CYBER Hauts-de-France Lille Métropole
Operated by EuraTechnologies and supported by the Hauts-de-France Region, the Metropole Européenne de Lille and the European Union, the CAMPUS CYBER Hauts-de-France Lille Métropole aims to help secure the region by providing operational services, mobilizing key players, offering specialized training and promoting innovation in the field of cybersecurity.

About ECTech
Created within Entreprises & Cités by Groupe IRD, MEDEF Lille Métropole, MEDEF Hauts-de-France, Alliance Emploi and Emploi et Handicap, EC Tech aims to facilitate exchanges between SMEs and players in innovation, particularly digital, and to encourage their transformation in order to anticipate economic/societal/environmental change.

À propos d’Hauts-de-France Innovation Développement
Hauts-de-France Innovation Développement (HDFID) is responsible for raising awareness among entrepreneurs of the need to take initiatives, for coordinating the support system for the creation and acceleration of innovative companies, for helping to set up innovative projects, and for coordinating the research and innovation network in the Hauts-de-France region.