Skip to main content
Home » Business Resilience » Why small businesses should learn the skills to improve their cybersecurity

Donna O’Shea

Chair of Cybersecurity, Munster Technological University (MTU),
and Project Lead, Cyber Skills

All businesses are at significant risk of cyberattack — including SMEs. However, they can protect themselves with the right training and a more proactive cybersecurity approach.

Most small and medium-sized enterprises (SMEs) are only too aware of the risks of cyberattack, notes Donna O’Shea, Chair of Cybersecurity at Munster Technological University (MTU) and Project Lead at Cyber Skills — a nationally-funded project which aims to address the cybersecurity skills shortage.  

Rising cybersecurity threats to SMEs 

According to the cybersecurity consortium SMESEC, 60% of all cyberattacks in 2016 were aimed at small businesses. What’s more, 60% of SMEs who fell victim to attack did not recover and shut down within six months. 

Despite these statistics, SMEs don’t always address cybersecurity matters properly — and for various reasons. 

“Some business owners may lack the confidence and technical abilities to respond to cybersecurity risks,” says O’Shea. “Others downplay the issue and ask: ‘Who would try to hack my business anyway?’ But if their database of clients’ personal information suffers a breach, that’s a major GDPR compliance issue.”  

There’s also a lot of cognitive dissonance surrounding this topic, admits O’Shea. “There’s a tendency for SMEs to think: ‘Yes, our business is at risk — but we’re going to forget about it.’ We need to change their mindset to: ‘Yes, our business is at risk — but we can respond to it properly with the right skills and training.” 

60% of SMEs who fell victim to attack did not recover and shut down within six months.

Removing the mystique around cybersecurity 

Cyber Skills has developed Cybersecurity for Business — a relatable workshop series delivered by industry experts. This has been designed to provide business owners with the key knowledge and skills to protect themselves against cyberattacks and remove some of the mystique surrounding the subject. 

Being proactive about cybersecurity 

For too long, businesses have been taking a ‘defensive and reactionary’ approach to cybersecurity — with firewalls, intrusion detection systems and anti-viruses doing all the heavy lifting. While these are all important safety measures to have in place, by the time a system reacts to a breach, the damage has already been done.  

“Instead, we urge businesses to take a ‘predictive and responsive’ approach to cybersecurity,” explains O’Shea. “The workshops help them identify where their biggest risks of attack might be. We apply well-known models, tools and techniques and show SMEs how to create an incident response plan and a business continuity plan — tailored to their needs — so that, in the event of an attack, they can get up and running again as quickly as possible. Ultimately, businesses must start thinking about cybersecurity in a more structured and proactive way.” 

Manage Your Cyber Risk

Manage cyber risk at your small business with our three short workshops. This non-technical course is for small business owners and staff. Learn how to educate your team and reduce your cyber risk.

For more information and to register your interest, please visit

Next article