EU SMEs trail larger organizations in cybersecurity controls by 15%, reveals Marsh
Marsh, the world’s leading insurance broker and risk advisor and a business of Marsh McLennan (NYSE: MMC) today revealed that the cybersecurity controls of small and medium-sized enterprises (SMEs) across the European Union (EU) lag behind larger organizations by an average of 15%.
Marsh report - Why the Cybersecurity Gap Between SMEs and Large Organizations Matters.pdf
PDF 4.0 MB
The report, Why the Cybersecurity Gap Between SMEs and Large Organizations Matters, highlights that SMEs face significant challenges in achieving cyber resilience compared to larger organizations. It analyzes the cyber resilience gap among 320 SMEs, mid-cap, and large organizations across the EU – defined by annual revenues of less than €51 million, between €51 million and €250 million, and over €250 million – using data from Marsh’s Cyber Self-Assessment tool, and focuses on the implementation rates of 12 cybersecurity control categories.
The report indicates that large organizations implement cybersecurity controls more effectively than SMEs. Large organizations scored 80% across 12 cybersecurity control categories, while SMEs averaged 65%. Notably, 91% of large organizations require multi-factor authentication for remote logins, compared to 75% of SMEs. The report also highlights a critical need for improved incident response plan testing, with only 40% of SMEs conducting tests, compared to 61% of large organizations. Despite enhancements in incident response capabilities, SMEs and mid-cap organizations lag behind. Additionally, there are significant industry differences: 85% of finance SMEs require cybersecurity training for employees, while only 58% in manufacturing do.
The report underscores the need for SMEs to engage in the rapidly expanding cyber insurance market, as many are currently uninsured or underinsured, leading to a significant protection gap. While historical barriers have restricted access to adequate coverage, recent innovative market solutions present SMEs with an opportunity to close this insurance gap.
Gamze Konyar, Head of Cyber, Marsh Europe, said: “SMEs are vital to national infrastructure, and their cyber vulnerabilities can lead to financial losses and data breaches, threatening economic stability and public trust. As an integral part of the supply chain, they can also pose risks to larger companies. It is imperative to enhance collaboration to bridge the cybersecurity gap for SMEs and to develop tailored solutions from the insurance market.”
Typhaine Beaupérin, Chief Executive Officer, Federation of European Risk Management Associations (FERMA), added: “As cyber threats continue to evolve, this report shows the urgent need for all organizations, particularly SMEs, to strengthen their cybersecurity measures to ensure resilience. It calls for increased awareness, education, and support for robust cybersecurity practices, urging key stakeholders—governments, industry associations, and larger organizations—to provide resources and collaboration opportunities to enhance SME cyber resilience.”
More info:
RCA I Charlotte Ries (FR) I Tel. +32 489 32 71 00 I charlotte.ries@rca.be
RCA - Jochem Goovaerts (NL) - jochem.goovaerts@rca.be
About Marsh
Marsh, a business of Marsh McLennan (NYSE: MMC), is the world’s top insurance broker and risk advisor. Marsh McLennan is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $23 billion and more than 85,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marsh.com, or follow us on LinkedIn and X.