Marsh highlights cybersecurity gap between SMEs and large organisations in the EU

Marsh, a global insurance broker and risk advisor and a business of Marsh McLennan, has released findings revealing that small and medium-sized enterprises (SMEs) in the European Union (EU) are, on average, 15% behind larger organisations when it comes to cybersecurity controls.

The report, “Why the Cybersecurity Gap Between SMEs and Large Organisations Matters,” published by Marsh, highlights the challenges SMEs face in achieving cyber resilience compared to larger organisations.

The analysis covers 320 organisations across the EU, segmented by annual revenue: SMEs with less than €51 million, mid-sized organisations with revenue between €51 million and €250 million, and large organisations with revenue exceeding €250 million.

Marsh’s Cyber Self-Assessment tool provided the data used to examine the implementation of 12 key cybersecurity control categories.

According to Marsh, large organisations have been more effective at implementing cybersecurity controls than SMEs. Large organisations scored an average of 80% in applying the 12 cybersecurity controls, while SMEs averaged 65%. For example, 91% of large organisations require multi-factor authentication for remote logins, compared to 75% of SMEs.

The report also indicates a critical gap in incident response plan testing, with only 40% of SMEs conducting regular tests, compared to 61% of large organisations.

Despite some advancements in incident response, SMEs and mid-sized businesses continue to lag behind. The report also highlights significant industry differences, with 85% of finance SMEs providing cybersecurity training for employees, while only 58% in manufacturing do the same.

Marsh stresses the importance for SMEs to engage with the rapidly growing cyber insurance market, as many are currently either uninsured or underinsured, leaving them vulnerable to cyber risks. While traditional barriers to accessing adequate coverage have existed, recent innovations in the market now offer SMEs an opportunity to close this protection gap.

Gamze Konyar, Head of Cyber, Marsh Europe, commented: “SMEs are vital to national infrastructure, and their cyber vulnerabilities can lead to financial losses and data breaches, threatening economic stability and public trust.

As an integral part of the supply chain, they can also pose risks to larger companies. It is imperative to enhance collaboration to bridge the cybersecurity gap for SMEs and to develop tailored solutions from the insurance market.”

Typhaine Beaupérin, Chief Executive Officer, Federation of European Risk Management Associations (FERMA), added: “As cyber threats continue to evolve, this report shows the urgent need for all organisations, particularly SMEs, to strengthen their cybersecurity measures to ensure resilience.

“It calls for increased awareness, education, and support for robust cybersecurity practices, urging key stakeholders—governments, industry associations, and larger organisations—to provide resources and collaboration opportunities to enhance SME cyber resilience.”

This website states: The content on this site is sourced from the internet. If there is any infringement, please contact us and we will handle it promptly.