Top 3 Cyber Vulnerabilities SMEs 2021

07 Oct 2021
Author: ThreadStone Cyber Security

The Hague, 6 October 2021 – In the context of the European Cyber Security Month, ThreadStone Cyber Security once again presents a top 3 of vulnerabilities experienced by SMEs.


To keep attention on digital resilience, ThreadStone presents a top 3 of the most common vulnerabilities experienced by SMEs. This top 3 is based on the total of anonymised findings from the baseline ("zero") measurements ThreadStone carried out in the first three quarters of 2021. The emphasis is on companies with 15 – 2500 employees.


Top 3 vulnerabilities Cyber Security SMEs 2021


  1. Absence of policy.
  • Employees don’t know what is expected of them with regard to cybersecurity and information security. No explanation is given when they enter or leave employment, and in between, expectations regarding information security are explained and adjusted only on an ad hoc basis.
  • There is no prepared incident plan. Many organisations depend on ‘luck’ or ‘practical thinking’ when an incident occurs.
  • Cybersecurity is often assigned only to the IT department or the person in charge of IT. As a result, in many organisations it is limited to technical measures.


  2. Lack of insight.
  • There is no overview of the devices and software connected to the network. As a result, many of these devices still have their standard passwords, security is sometimes missing altogether, and patching/updating lags behind. Furthermore, there is no insight into who uses the network.
  • The same applies to public IP addresses and websites: organisations don’t know which doors to the internet they have, while this is one of the simplest avenues of attack (besides or combined with phishing).


  3. Cloud application security does not get enough emphasis.
  • Cloud applications have different security requirements from on-premise applications. How do you authenticate and authorize, who ensures regular checks, how is the backup arranged, and how has the supplier arranged its own security, backup, and recovery? These are important questions that should have a direct answer, which is often not the case in practice.


“We see that risk awareness is growing,” says René van Etten, general manager of ThreadStone. “That is also prompted by chain operation: large customers ask how cybersecurity and information security are regulated. We also notice, especially among medium-sized companies, that accountants are starting to ask more and better questions about this. And finally, we notice the fear of ransomware in more and more organisations. Yet for many companies it is still not self-evident to approach cyber risks as a strategic, financial and operational risk, and to take appropriate measures in the field of policy, technology and human behaviour.”


When it comes to cyber resilience and potential vulnerabilities, attention is often focused on larger organisations. ThreadStone Cyber Security believes it is important to make SMEs more digitally resilient as well. The threat and impact are just as big here as in the corporate market, but budgets are lower. Moreover, 43% of entrepreneurs do not know what they should do if they become victims of cybercrime. If it happens, damage of 50,000 euros or more is no exception. ThreadStone therefore focuses on pragmatic and affordable cybersecurity measures for SMEs.

