EU small and medium-sized enterprises face greater challenges in terms of resilience to cyber attacks than large organisations, but by comparison the latter are 15% behind when it comes to cyber security controls. This is according to a report by Marsh & McLennan, which analyses the cyber resilience gap between 320 SMEs and medium and large organisations across the EU. Larger organisations are more effective than SMEs at applying cyber security controls, achieving an 80% score on 12 cyber security controls, compared to an average of 65% for SMEs. In particular, 91% of large organisations require multi-factor authentication for remote logins, compared to 75% of SMEs. The report also highlights the urgent need to improve testing of contingency plans, with only 40% of SMEs conducting these, compared to 61% of large organisations.

Gamze Konyar, Head of Cyber at Marsh Europe, said: ‘SMEs are critical to national infrastructure and their cyber vulnerabilities can lead to financial losses and data leaks, jeopardising economic stability and public trust. As an integral part of the supply chain, they can also pose risks to larger organisations. It is imperative that we work together to address the cybersecurity gap in SMEs and develop tailored solutions from the insurance market.’