Home » Cyber risk management from the SME point of view

Cyber risk management from the SME point of view

Wednesday, 17 October, 2018

Most large businesses have already incorporated cyber risk management into their business strategy because there is a broader awareness of the need for holistic and thoughtful protection from cyber threats. However, unlike large businesses, small and medium-sized enterprises (SMEs) generally do not regard cyber risk as a strategic component in their business model despite the fact that cyber risk for SMEs is a real and growing phenomenon. However, SMEs need to Ready for Cyber Battle. Cyber crime is now very much part of interconnected global risks, with attacks against all businesses almost doubling in the last five years. Most worrying of all, statistics show that between 60 percent and 70 percent of SMEs are unable to survive a breach and are out of business within six months – all because they have no supplemental support mechanism in place to help them rebuild the company and reinstate their operations. (Source: Insurance Journal)

Due to the new General Regulation of Data Protection (GDPR) of the European Union, organizations are prioritizing this cyber risk in their corporate agenda. Considering that nowadays only 16% of the market value of S&P 500 companies is in physical assets and the rest comes from intangibles, it’s easy to understand why cyber risk management has become a priority issue.

In this webinar we will analyze the main barriers for SMEs to manage cyber risk and we will go through some key aspects to be taken into account in cyber risk management.

The webinar will be held on Wednesday, October 17, 2018, at 10:30 CEST

Who should attend

The webinar is open to all interested in the cybersecurity landscape, especially those concerned with cyber risk management.


Who are the speakers?

  • Samuel Fricker (Ph.D., Professor of requirements engineering at FHNW University of Applied Sciences and assistant professor at Blekinge Institute of Technology) will talk about the results of a research report developed under the SMESEC project focusing on SME needs when it comes to cybersecurity. He would also talked about SMESEC project, which aims to support SMEs in the area of cybersecurity in two different ways. On the one hand, by providing a framework with different tools and mechanisms for identification, protection, detection and response of systems and, on the other hand, cybersecurity training and awareness

 "Small and medium-sized enterprises (SMEs) are the new target for cyberattacks. In this webinar, we look at lightweight ways that allow SMEs to protect themselves thoroughly. The participant will receive food for thought, a checklist, and an invitation to the SMESEC beta programme."

  • John Davies (Co-founder and Chair of Cyber Wales and Managing Director of Pervade Software) will talk about how being part of a cluster could benefit SMEs in facing cyber risk management. He will offer his point of view as cluster manager, on what SMEs need, differences among the different members (universities, SME, research institutes, etc.) in how they face the risk management and the importance they give.

"Consistency of an interpretation of Risk is far more important than how brilliant that interpretation is - keep it simple!"

  • Miguel Manteca's (Technical Sales Manager at HISPASEC) presentation will focus on making visible the most frequent cyber risks to which SMEs are exposed. Emphasis will be placed on the loss of data and its possible consequences for the business. The talk will try to give the guidelines to prevent them and make your company digitally safer. Brief introduction to the "Seriot" European project, which addresses the issue of internet security of things.
  • Aitor Couce (Research assistant at ICMAT working in the H2020 project CYBECO) will present CYBECO. CYBECO will have a significant impact on information security investments, on the societal understanding of information security failures and how they should be addressed by properly incorporating intentionality into risk models and facilitating understanding of cyber security failures. “It is difficult for companies to decide on whether to buy insurance or not. CYBECO will help with that decision”.
  • Ahmed Bounfour (Chair professor at Paris-Sud University & Scientific coordinator of the Hermeneut project) will present the first systemic effort in measuring the economic impact on firms and critical sectors (ICT, finance), using complementary approaches (financial, NLP, econometrics).

"When comparing those attacked firms from our sample, to their non-attacked counterparts, the loss of value in their intangibles is roughtly around 20%. Furthermore, the simulated cascading effect for critical sectors is expressed into billions of euros, whereas the overall insurance market is less than 4Bns worldwide".

  • Ioannis Kechaoglou (Security Engineer at Rhea Group) will present CYBERWISER.eu, building on a 3-year legacy brought by its predecessor WISER, aims to become the EU’s reference, authoritative, independent cyber range platform for professional training. CYBERWISER.eu will provide a simulated environment to create cyber incident and cyber attacks scenarios where both students and IT professionals evolve their skills and continuously evaluate their performance, getting ready for future real attack episodes. SMEs can benefit from the results of this project.


John Davies

John Davies is the Co-founder and Chair of Cyber Wales, the largest cyber security ecosystem in the UK.  John has also chaired the Wales Cyber Resilience Board, a Welsh Government Steering Committee working with the National Cyber Security Centre to enhance cyber resilience across Welsh Public Sector organisations and providing policy and best practice advice for the Private Sector.  John has been a Sessional Lecturer on MBA courses and is committed to helping to close the skills gap in cyber security by participating on the Curriculum Advisory Boards of both Cardiff University and the University of South Wales where he regularly runs sessions for the National Cyber Security Academy.  John is a Welsh speaker who plays an active role helping military personnel and their families as Chairman of the Regional Employer Engagement Group for Wales.  For his day-job, he runs a Cardiff-based cyber security software vendor.

Image result for pervade software

Ahmed Bounfour

Chair professor with a specialisation in the measurement of intangibles of firms and sectors. Scientific coordinator of the Hermeneut project

Aitor Couce

Aitor Couce is a PhD student at Universidad Rey Juan Carlos, working on a decision support model for analysing the risk of cybersecurity incidents. He is BSc in Economics (Universidade de Santiago de Compostela, 2008) and MSc in Decision Engineering (Universidad Rey Juan Carlos, 2012). He has worked as cybersecurity analyst (2013-17) at Secure-NOK, Norway, doing risk analysis, research and innovation activities and supporting the development and marketing of cybersecurity software. All of these was done for commercial and R&D projects in Europe and USA. He also worked as an administrative officer at Flue, Spain (2009-10).

Ioannis Kechaoglou

Ioannis Kechaoglou is a cybersecurity engineer at RHEA Group with a strong academic background and practical experience. In his current role, he is involved in cybersecurity training and projects. As part of his effort to improve upon his skills, he likes to challenge himself participating in innovative projects in the cyber domain with the most recent the CYBERWISER.eu, an authoritative, independent cyber range platform for professional training.

Miguel Manteca

Degree in Pedagogy from the University of Málaga. Trainer of trainers by the Forem Institute. Editor in the reputed cybersecurity news blog "Una Al Día". Oriented to the academic and formative part in youth and currently focused on the digital world and cybersecurity.

Samuel Fricker

Samuel Fricker, Ph.D., is a professor at the University of Applied Sciences Northwestern Switzerland (FHNW). Samuel is heading a team of researchers and developers with in-depth experience of cybersecurity in the Swiss digital infrastructure and banks. Samuel knows SMEs from the inside out as he has worked in SMEs and created multiple startups in his career. In the SMESEC project, Samuel and his team are researching the adoption of good cyber security practice for SME and adherence to these practices. Samuel's team embeds the knowledge in the digital Cybersecurity Coach, a component of the SMESEC framework, that helps SMEs to discover cybersecurity needs and implement lightweight actions for thorough protection.


Marina Ramirez

Head Business and ICT Consultant and project manager. Telecommunications Engineering from the University of Malaga, with over 15 years experience in business and strategic consultancy for public administrations and SMEs. At CITIC; Marina develops strategic plans for innovation and information society, ICT and business advice to SMEs, development of commercial offers, attracting companies for participation in R + D + i projects. Reports, market research, analysis, project management.


Nicholas Ferguson

Nicholas Ferguson, Digital Communications Strategist & Project Manager. Nicholas has an MSc in Educational Management and a BA Hons in Politics and Sociology. He is the coordinator of the Common Dissemination Booster (CDB) as well as the coordinator of cyberwatching.eu. Previously, he was the coordinator of the CloudWATCH2 project and deputy coordinator of CloudWATCH, SLA-Ready, SIENA and OGF-Europe. He excels in building & promoting innovative tools and services in the ICT innovation landscape. His work focuses on raising awareness of novel tools and services in ICT, in the private, especially SMEs and public sectors as well as providing contributions to the adoption of ICT Standards. Since its launch in 2009, Nicholas managed the Cloudscape Series, www.cloudscapeseries.eu that grew from a funded initiative by the EC to becoming a self-sustaining event attracting international thought leaders in the cloud space in Europe. Nicholas has also played an instrumental role in the evolution of the yearly concertation meetings of the CloudWATCH & CloudWATCH2 projects.



On the event of the adoption of the draft regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union, the AI4HealthSec project kicked off a process to provide its opinion.