Govt should incentivise SMEs in building & maintaining cyber resiliency

Small and medium enterprises (SME) perpetually worry about the costs of everything in order to keep their business running.

When their computers do down, their productivity can slow to a crawl or stop entirely. Recovering the data would be very costly especially when they don't have backups or regular backup of their system. They would end up paying their employees for a day or days when they can’t get anything accomplished. The costs of downtime can be monumental when combined the lack of production and harm to their reputation. In surveys done in the developed countries, it is estimated that 60% of these SMEs go out of business after their operations were hacked by cyber criminals.

The current trend is that cyber criminals are increasingly targeting the supply chains populated by the SMEs instead of the large organisations as they know that these SMEs placed low priority on building their cyber resilience. The supply chain provides almost

'instantaneous' access for the cyber criminals to 'go into' the larger organisations with lesser difficulties.

Because of this trend, larger organisations are now beginning to demand that vendors in the supply chain undertakes and maintain a cyber resilient framework in their organisation failing which they would NOT be allowed to provide supplies to these larger organisations.

SMEs however, are constrained by costs, in installing and maintaining the necessary hardware and software to meet the required cyber resiliencies demanded by the larger organisations. Even if these SMEs can afford to do so, they are constrained by the lack of available and experienced cybersecurity analysts to assist and help them. This particular constraint affects not only SMEs but larger organisations also in Malaysia. In fact it is a problem across the world.

In one survey, 60% of the SMEs go out of business after their operations were hacked by cyber criminals.