Why should anyone target us?

Why should SMEs be interested in cybersecurity awareness

“Why should anyone target us?” is a common sentiment amongst small and medium-sized enterprises (SMEs) when it comes to cybercrime. Many still believe they are not attractive targets for criminals. However, statistics tell a different story: cybercrime is on the rise and becoming an increasing threat to businesses – including SMEs. Here, we provide an overview of the state of cybercrime in Austrian businesses and SMEs, and demonstrate that cybersecurity awareness is relevant to all.

Ransomware: an escalating threat to SMEs

According to the Austrian Federal Criminal Police Office, nearly 46,200 cybercrime offenses were reported in 2021. Five years prior, this figure stood at 16,804. As in previous years, the majority of these offenses were categorized as Internet fraud, which encompasses a variety of activities such as investment fraud, false promises of winnings, and fake online shops.

Many of these cybercrimes target individuals, but the Federal Criminal Police Office has also noticed significant increases in areas that are relevant to businesses. This is particularly true for ransomware attacks: “Attacks are primarily directed against small and medium-sized enterprises (SMEs) rather than individuals, keeping the risk potential high for the Austrian business landscape,” states the Cybercrime Report. Primary attack methods include, among others, emails with harmful attachments.

Human: the primary attack factor

Unsurprisingly, Austrian companies themselves have noticed an increase in cyber attacks. 42% of Austrian companies have observed a (strong) increase in cyber attacks. 12% of cyber attacks were “successful”. More than half (55%) of the companies also say that cyber attacks threaten their business existence. This is revealed in the “Cyber Security in Austria 2023” study, conducted by KPMG Austria GmbH and the Competence Center Safe Austria.


The surveyed companies were primarily confronted with phishing attacks, CEO fraud, and social engineering. In these types of fraud, criminals manipulate employees to access data or money.


Therefore, the human factor is central to attacks. Or as stated in the study: “The pendulum swings back from technology to people compared to last year. They are the focus, as they are the entry point for many cyber attacks.”

80% of Austrian SMEs report cyber attacks

While the above-mentioned study was conducted in both small and large companies, a study carried out by the Austrian Road Safety Board (KFV) in 2019 gives an insight into Austrian SMEs: “Austria’s corporate structure is strongly characterized by SMEs, with over 99% of Austrian companies defined as such. It can therefore be assumed that these companies have also had diverse experiences with cybercrime,” it says.


In the study, 80% of the surveyed SMEs report attempts at attack, and 39% report actual damage. The financial damage ranged from 130 to up to 150,000 Euros per company. However, many of the SMEs did not provide information about their financial losses. Unsurprisingly, phishing attacks also dominate among SMEs.


Two key conclusions can be drawn from these figures:

1.) SMEs are significantly affected by cybercrime.

2.) Criminals exploit employees for cyber attacks.

Nevertheless, Austrian companies predominantly try to ward off attacks through technical measures. Continuous and effective training is far less common. One reason for this: particularly in small companies, resources to train employees about the dangers of cybercrime are lacking.

To support SMEs in particular, we have developed…

C4SAM. For the Budget of SMEs we provide with a solution that helps to support digital infrastructures, detect vulnerabilities and internal or external attacks, whether IT, OT, IoT or IIoT.

Our solution is easy to use, cost efficient and covers all important topics around security and GRC.

Find out more here:

Source: https://www.gartner.com/en/newsroom/press-releases/2023-03-28-gartner-unveils-top-8-cybersecurity-predictions-for-2023-2024?fbclid=IwAR1LnEiq3Y7AlSOKDF-kG1EJdj6aaufLO0tKJBzeCptUSSzGacrm8pWuDDc

Other blog posts


The new NIS 2 Regulation Companies and authorities need to...

Read More