What is the impact of cybercrime on SMEs?

In all the regions of the world today, there are significant footprints of digitalisation, a new-fangled wave that is transforming economic, environmental and social activities.

Countries across the globe have become increasingly dependent on digital technologies – this phenomenon is enhancing access to education and healthcare, protecting biodiversity and generating additional revenue for businesses – in fact, all these changes are facilitated by the Internet of Things (IoT) technology.

With the widespread usage of the IoT technology which is a major driver of the digital transformation, the world is becoming increasingly connected – an outcome that has brought many economic opportunities.

For example, before the advent of IoT, customers of business entities, particularly small and medium-sized enterprises (SMEs), were mostly limited to the countries these companies were physically present in, but things have changed rapidly. Currently, this type of market is becoming a thing of the past – SMEs now have significant market share that extends beyond countries they operate in. However, while the digital transformation has presented SMEs with many opportunities for growth, unfortunately, cybercrime has turned this invaluable resource into a double-edged sword, a canker that has targeted the SMEs sector.

Highlights from the World Economic Forum’s Global Cybersecurity Outlook 2022 shows that within the global supply chain and ecosystem, SMEs are the most susceptible to cyberattacks – for this research which surveyed 120 global cyber leaders from 20 countries across the World Economic Forum Cybersecurity Leadership community and the Accenture Cybersecurity Forum, 88 percent of the respondents indicate that they are concerned about the cyber resilience of SMEs in their ecosystem.

Certainly, this outcome is not out of the blue, especially when cyberattacks on SMEs in the last 2 years has increased significantly. For instance, as of 2020, 55 percent of SMEs had experienced a cyberattack, with ransomware, social-engineering attacks and malicious insider activity being a thorn in the flesh of owners of SMEs – so this begs the question: ‘why have hackers targetted SMEs?’ In most cases, SMEs have few adequate cybersecurity systems to fortify them against cyber-attacks; as a result, hackers see these enterprises as low-hanging fruits, a condition that has been exacerbated by the COVID-19 pandemic.

To curb the spread of the coronavirus, governments around the world introduced lockdowns and implemented several other restrictions on travelling; these changes have pushed businesses and consumers to go online – relying heavily on e-commerce to purchase goods and services. According to a report (2021) from the United Nations Conference on Trade and Development (UNCTAD), these COVID-19 related changes have increased the share of e-commerce in global retail trade from 14 percent in 2019 to 17 percent in 2020, with majority of these transactions representing 62 percent of the global transactions occurring in Asia Pacific, followed by North America and Western Europe which account for the second and the third largest share, respectively.

The remaining share of the global e-commerce transactions value which is 6 percent is accounted for by three regions: Latin America, the Middle East and Africa. With the COVID-19 pandemic driving the surge in e-commerce and accelerated digital transformation, SMEs could only stay in business by altering their business models. This meant that SMEs had to rely more on data, network systems and the Internet to conduct their businesses – an arrangement that was not used frequently by most of these businesses prior to the outbreak of the COVID-19 pandemic. For some SMEs, particularly those in Least Developed Countries (LDCs), COVID-19 related changes such as working from home and relying solely on the Internet to conduct businesses is entirely new to them.

Also, compared to larger businesses, most SMEs do not have the budget to procure adequate cybersecurity systems to protect themselves against cyber-attacks. These deficiencies have presented an opportunity to cybercriminals as they constantly exploit the online and network vulnerabilities in the SMEs sector which is now a major threat to the global economy.

For example, with SMEs being the most affected, in 2021, cybercrime amounted to over US$6trillion – a figure that could rise to more than US$10trillion annually by 2025. To put this into perspective, this amount is larger than the GDP of advanced countries such as Japan, Germany, UK and France.

If this trend is allowed to persist, these financial losses attributed to cybercrime will continue to increase cost of operation, limit productivity in the SMEs sector, and eventually force some of these businesses to shut down permanently, leading to many job losses.

Admittedly, cybercrime in the SMEs sector has contributed in impeding inclusive growth, constraining innovation, pushing millions of people into poverty, and reducing global economic growth significantly. But for how long will the entire world allow this to thrive? Considered as the engine of growth for the global economy, it is quite unfortunate that SMEs have not been protected adequately from cybercrime.

According to the World Bank, SMEs represent about 90 percent of all businesses and provide more than 50 percent of employment worldwide – these social and economic gains make SMEs growth central to the global COVID-19 economic recovery, and key to achieving sustainable development.

However, all hope is not lost – with the United Nations now making preparations toward drafting a global treaty for cybercrime, at the country level, it is important for policy-makers to implement germane measures to protect SMEs, drawing lessons from countries making significant progress in this area.

For example, China, which is one of the leading countries making suggestions for the United Nations global treaty for cybercrime, has adopted punitive measures in addressing this problem. In 2021, the Chinese police investigated 62,000 cybercrime cases – a total of 103,000 suspected individuals have been arrested in connection to these cybercrimes with more than 27,000 Internet enterprises and institutions facing administrative penalties.

This is a step in the right direction in the fight against cybercrime – a move that will definitely protect SMEs. Other countries could also emulate these efforts from China; however, to achieve this will require equipping law enforcement agencies and other related institutions with high-quality cybersecurity systems and appropriate technological skills. To mitigate global cybercrime which is essential for protecting growth and innovation in the SMEs sector, countries around the world will have to understand that this task requires the collective effort of every country because cyberspace transcends borders.

About the Author

Alexander Ayertey Odonkor is an economic consultant, chartered economist and a chartered financial analyst with a Master’s degree in Finance and a Bachelor’s degree in Economics and Finance. Together with a stellar experience from the International Monetary Fund (IMF), Alexander holds postgraduate certificates from Harvard University, New York Institute of Finance, Massachusetts Institute of Technology (MIT), University of Adelaide, Curtin University and Delft University of Technology.

Alexander is also an author and columnist for the China Global Television Network (CGTN), The Brussels Times, The World Financial Review, China Daily, The Diplomat, The Business Standard (Bangladesh), Pakistan Today, The People’s Daily, Daily News (Sri Lanka) and the Business and Financial Times (B&FT). Some of his articles have also appeared in NTS Bulletin (Nanyang Technological University), NextBillion (University of Michigan), and several other top-notch publications.