Exclusive: SMEs and COVID-19 – A cybersecurity story


Share this content


Coronavirus has hit the world economy hard. All G20 countries except China have suffered recession and the world economy is predicted to shrink by 4.5% this year according to the OECD. One key feature of the crisis has been the acceleration of cyber threats and their impact on businesses and individuals during the ‘new normal’ created by the pandemic.

The coronavirus crisis has showed us just how reliant we all are on digital solutions and hence on cybersecurity and how much we need it for a digital world (especially with the rise of distributed workforces). Cybercriminals have not been idle during the pandemic: Europol found that malicious cyber activity has increased by a factor of four during the pandemic.

As businesses and citizens increasingly rely on digital solutions, enlarging the attack surface, the nature of the threat is also changing, with cybercriminals exploiting fear, uncertainty and unprecedented situations. For organised crime, cybercrime represents an alternative to physical crime as it can easily be conducted during a lockdown with limited resources thanks to its asymmetricity.

SMEs under pressure

However, the widescale move to teleworking and digital ways of doing business has created a strong political momentum at the European level to nurture and sustain Europe’s accelerating digital transformation. This development is very timely given the advanced scale and evolution of the threat which puts European businesses and in particular SMEs under pressure.

SME Challenges

Small, medium and micro enterprises are so important because they represent the backbone or the ‘long tail’ of the European economy; 99% of all businesses in the EU are SME, employing 100 million people and accounting for more than half of Europe’s GDP. Securing these companies from malicious cyber activity is of paramount importance for Europe’s economic and societal health.

However, the cybersecurity early stage growth companies and SMEs which could grow into big market players and help provide the necessary protection for other SMEs, face unique challenges:


The population of the continent of Europe is over 750 million people, there are over 40 countries, perhaps over 200 languages and dialects spoken in total. In that context, fragmentation is always going to be a challenge for any market. This is particularly the case in the cybersecurity market as it has not yet reached full maturity.

This is a market with a high compound annual growth rate through to 2023 (11%), but SMEs and early stage growth companies still struggle to consolidate their market position due to this fragmentation. Information asymmetries compared to larger companies and a lack of market visibility are two key factors holding back these small players.


The complex and fragmented nature of the cybersecurity market combined with the lack of sufficiently large structural programmes is leading to an annual funding gap of over €4 billion in 2019 in Europe compared to the USA. European cybersecurity start-ups receive just one sixth of the funding of their US equivalents, while Israeli cybersecurity start-ups receive similar amounts to those of the whole European continent. These companies lack specialised growth capital as well as international marketing and business skills that would allow them to fully reach their true potential.

Business models

With access to finance lacking, small companies can experience cash flow issues, particularly in the event of severe business disruption like in the case of COVID-19.  It’s crucial for cybersecurity solution providers to ensure continuity or large integrators will be wary of purchasing their products. These integrators cannot support the risk of discontinuation of solutions, particularly for the most sensitive applications, which demand several years of support and patches. The pandemic has shown the dangers of relying on imported hardware as supply chains can break down and imported solutions more generally may carry the risk of ‘back door’ vulnerabilities.

Bringing in ECSO

Given all these challenges, the landscape may be daunting for SMEs. SMEs may not always be sufficiently large, but neither are they helpless. They are not alone in the struggle for a cyber resilient digital Europe because ECSO is there to support them.

European Cyber Security Organisation (ECSO) is a not-for-profit organisation, established in 2016 as a contractual Public-Private Partnership with the European Commission. ECSO unites more than 260 European cybersecurity stakeholders, including large companies, SMEs and start-ups, research centres, universities, end users, operators, associations, as well as regional and national public administrations.

ECSO is the recognised and privileged institutional partner of the European Institutions through its public-private partnership status. The organisation’s ‘value-add’ stems from supporting the institutional approach whilst also being a key facilitator of trust in the market; this allows ECSO to convene high level conversations which help federate the European cybersecurity community.

ECSO’s fundamental vision is a cyber resilient digital Europe. To do that means closely supporting both SME users and providers of cybersecurity. ECSO has been instrumental in supporting stabilisation efforts for European business at the outbreak of the coronavirus pandemic through its Cybersecurity Response Package and providing actionable recommendations for institutional stakeholders as well as businesses and individuals.

Additionally, next month ECSO will release its pioneering Cybersecurity Made In Europe Label. The key purpose of the ‘Cybersecurity Made in Europe’ Label is to serve as an industry-driven marketing instrument to promote qualified European-based cybersecurity companies and increase their commercial exposure far beyond their traditional home markets.

Even more ambitiously, ECSO is currently initiating the creation of a €1 billion Cybersecurity Investment Platform in conjunction with European private investors. This platform or ‘Fund of Funds’ seeks to leverage cutting-edge European research in cybersecurity to boost market adoption and support SMEs and start-ups to achieve their full potential.

But ECSO doesn’t just stop there. On top of being a recognised stakeholder on standardisation and certification at the European level, we collaborate with our members to design, launch and promote plenty of other close to market initiatives in education, skills, inter-regional collaboration, R&I and security of critical infrastructures in our quest for a cyber resilient digital Europe. To be continued…

Luigi Rebuffi

By Luigi Rebuffi, Secretary General, European Cyber Security Organisation (ECSO)

Receive the latest breaking news straight to your inbox