Surviving the Digital Realm: Cybersecurity for SMEs and Startups

Compared to large enterprises, startups and SMEs often encounter limitations in cybersecurity resources and capabilities, rendering them more vulnerable and appealing targets. This disparity in cybersecurity preparedness underscores the importance of identifying the challenges and opportunities such organizations have in the realm of cybersecurity.

Mexico is the country that experienced the most cyberattacks in Latin America, according to Fortinet, a trend that is expected to continue. The primary targets are frequently private companies, with SMEs comprising 99.8% of this demographic, as reported by INEGI in 2019. Given their cumulative economic significance, it is imperative that SMEs and startups in Mexico prioritize cybersecurity. Despite strides made in creating awareness regarding cybersecurity importance within these entities, substantial challenges persist. "As the value of SME data increases, they become much more enticing for attackers. As they grow technologically, they inevitably have more external integrations in their daily operations, and their entire technology stack becomes much more fragmented,” says Paolo Rizzi, Co-Founder and Director of Technology, Minu.

SMEs in Mexico are vital economic engines as they generate about 75 percent of jobs and contribute more than 50% of the GDP. Hence, the urgency for a culture of cybersecurity, starting with owners and decision-makers, as well as each employee who uses a computer for any activity within the company, as previously reported by MBN.

Víctor Lima, CTO, UnDosTres, says SMEs and startups often struggle to survive a cyberattack due to their size. SMEs have limited capital, so knowing how to focus it is crucial. He adds that SMEs and startups must ask how they can mitigate as much damage as possible with the least amount of spending.

Operating on tighter budgets, these SMEs often lack dedicated cybersecurity teams or adequate resources. This constraint has a cascading effect, hindering their ability to invest in training, procure comprehensive cybersecurity tools and solutions, and comply with regulatory requirements and industry standards such as the Personal Data Held by Private Parties (LFPDPPP). As a result, these challenges significantly impede SMEs' capacity to safeguard themselves in an ever-evolving threat landscape.

If left unaddressed, SMEs risk being marginalized or left behind, underscoring the urgent need for proactive measures to bolster their cybersecurity resilience. Despite their limited resources, however, Omar Herrera, CISO, Stori, notes that SMEs and startups can leapfrog several generations in terms of infrastructure to tackle cyber threats if guided properly. "On the other hand, larger companies may have more and thick cybersecurity layers that may not always be up to date. It is much more difficult to protect something that is not new,” adds Andrew James Devlyn, Co-Founder and Director of Operations, Fairplay.

Experts emphasize the crucial role of proper training for SMEs’ workforce. Enrique, CEO, Rankmi, says that startups can even be more secure than larger companies initially. However, as they grow, this can change. In many cases, leaks are not due to the services used but to human errors. There is a much greater need for management, and technology already exists to address this.