Skip Navigation
BlackBerry Blog

COVID-19 Cybersecurity: Small and Medium Enterprises in Peril

The COVID-19 pandemic impacted organizations worldwide, but its effect on businesses was not equally shared. Small and medium enterprises (SMEs) with fewer than 500 employees were hit harder than larger organizations. The smaller security budgets of SMEs, and their more limited access to highly skilled cybersecurity professionals made navigating the pandemic more difficult.

Cybersecurity for SMEs

A recent McKinsey & Company research report divided SMEs into three categories representing their levels of IT-maturity. The report described the different types of SMEs as follows:

  • Limited Maturity – Small offices with less than ten full-time employees (FTEs) or small enterprises with up to 99 FTEs. These businesses often operate without dedicated IT resources and have a market-cap of approximately $9 billion USD. They operate in low digitization industries.
  • Semi Mature – Small businesses with up to 99 FTEs or medium-sizedsmall enterprises with up to 499 FTEs. These businesses operate with limited or no IT/ security resources. They have a market-cap of approximately $17 billion USD and operate in low-digitization industries.
  • High Maturity – Small businesses with up to 99 FTEs and medium-sized enterprises with up to 499 FTEs. These companies typically operate with a small IT department and have a market-cap of approximately $17 billion USD. They operate in high-digitization industries.

The following table summarizes the cybersecurity spend strategies of each SME group:

SME Category

Market Cap (USD)

Cybersecurity Strategy

Limited Maturity

$9 billion

  • 70-80% buy cybersecurity solutions directly, either online or through retailers
  • The remainder use managed service providers (MSPs) to handle IT-related issues

Semi Mature

$17 billion

  • About 50% use an MSP to handle IT-related issues
  • 30-40% use value-added-resellers (VARs)
  • 10-20% buy cybersecurity solutions directly

High Maturity

$17 billion

  • 40-50% obtain security products through Managed Security Service Providers (MSSPs)
  • 30% procure security products through VARs
  • 20-30% buy security solutions directly from vendors, often integrating them within their security operations center (SOC)


Why Adversaries Have the Advantage

SMEs are taking steps to address the endpoint security risks caused by the pandemic, but are they effective? Threat actors have decades of experience exploiting every type of business under duress and using catastrophic events to their advantage. For example, cybercriminals know smaller companies often turn to direct retailers or VARs for solutions in uncertain times. They also know, as a recent DUO study confirms, that out-of-the-box solutions are often extremely vulnerable to attack. These two pieces of information are enough for threat actors to gain a head start in exploiting a crisis.    

Likewise, threat actors know smaller businesses often rely on MSPs to secure them. This is why it came as no surprise in July of 2020 when the U.S. Secret Service announced a considerable increase in hacked MSPs. Attackers use compromised MSPs to launch attacks into the internal networks of their client businesses. One breached MSP can quickly leads to a chain of compromised SMEs.

The AI Approach

AI-based cybersecurity solutions are ideally suited for small and medium-sized enterprises. They leverage the same technology used by large, global organizations, but with a low cost of maintenance and administration that is well-suited for smaller organizations.

For example, BlackBerry® Cyber Suite uses fifth-generation AI to prevent threats, detect suspicious activity, and respond to malicious actions in real time. BlackBerry Cyber Suite uses AI to secure both users and technology, protecting the environment from malware, bad actors, and simple human error – no matter what size your business is.

Security Managed Services for Small and Medium Enterprises

Another option for SMEs is to deploy cybersecurity solutions as a managed service. This provides organizations with personalized cybersecurity support which they can use when they need it. BlackBerry® Guard provides 24/7 managed detection and response services. The critical shortage of cybersecurity specialists is an issue that affects businesses of all sizes. However, BlackBerry Guard solves this problem by giving your organization access to the expertise you need, when you need it.

For more information on how you can successfully secure your SME from current and future cyber threats, visit us at

For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog. 

About Corporate Communications