High Tech SME Cyber Resilience: chains, networks, and ecosystems. What motivates SMEs to join in shared cyber teams?

• In Event: Cybercrime Working Group - Victimization & Resilience 1

Abstract

SMEs are facing a growing variety of cyber-attacks.
These attacks are still handled as incidents. As these attacks are often orchestrated by organized crime groups, it becomes urgent to raise cyber awareness and create knowledge among SMEs. Furthermore, as organized crime groups start to hit OEMs and SMEs in their supply chain, it becomes necessary to cooperate.

Interestingly, this urgency to cooperate opens opportunities as well to learn, share intelligence and expertise, and deploy specific resilience measures collaboratively. In this perspective, investments to raise cyber resilience could be part of business continuity investments and investments in product- or business process innovation.
This paper presents the results from three different studies. The first study addresses opportunities for shared expertise and shares CISO functions in supply chains, investments in their infrastructure and governance. The second study focuses on an EU-sponsored initiative to develop digitally resilient ecosystems wherein major municipalities, bigger companies and public authorities that are seen as ‘critical digital infrastructure’ take the lead and create a trusted environment for sharing of intelligence and lessons learned for SMEs: the case of Digital Resilient Breda. The third study focuses on awareness creation, addressing the reasoning of SMEs as to why they do not engage or would be willing to engage in cyber resilience measures.

Authors

• Esger ten Thij, Avans University of Applied Sciences

• Ben Kokkeler, Avans University of Applied Sciences

• Rick van der Kleij, Avans University of Applied Sciences / TNO