What is the impact of cybercrime on SMEs?
Alexander Ayertey Odonkor


Editor's note: Alexander Ayertey Odonkor is an economic consultant, chartered financial analyst and chartered economist with an in-depth understanding of the economic landscape of countries in Asia and Africa. The article reflects the author's opinions and not necessarily the views of CGTN.

In all the regions of the world today, there are significant footprints of digitalization, a newfangled wave that is transforming economic, environmental and social activities. Countries across the globe have become increasingly dependent on digital technologies – this phenomenon is enhancing access to education and healthcare, protecting biodiversity and generating additional revenue for businesses – in fact, all these changes are facilitated by the Internet of Things (IoT) technology. With the widespread usage of the IoT technology, the world is becoming increasingly connected, an outcome that has brought many economic opportunities.

Before the advent of IoT, customers of business entities, particularly small and medium-sized enterprises (SMEs), were mostly limited to the countries where these companies had physical presence but things have changed rapidly in the last two decades. SMEs now have significant market share that extends beyond countries they operate in. However, while the digital transformation has presented SMEs with many opportunities for growth, unfortunately, cybercrime has turned this invaluable resource into a double-edged sword, a canker that has targeted the SMEs sector.

Highlights from the World Economic Forum's Global Cybersecurity Outlook 2022 shows that within the global supply chain and ecosystem, SMEs are the most susceptible to cyberattacks. In this research, which surveyed 120 global cyber leaders from 20 countries across the World Economic Forum Cybersecurity Leadership community and the Accenture Cybersecurity Forum, 88 percent of the respondents indicated that they were concerned about the cyber resilience of SMEs in their ecosystem.

Certainly, this outcome is not out of the blue, especially when cyberattacks on SMEs in the last two years have increased significantly. For instance, as of 2020, 55 percent of SMEs had experienced a cyberattack, with ransomware, social-engineering attacks and malicious insider activity being a thorn in the flesh of owners and managers of SMEs. So this begs the question: Why have hackers targeted SMEs?

In most cases, SMEs have few adequate cybersecurity systems to fortify them against cyberattacks. As a result, hackers see these enterprises as low-hanging fruits, a condition that has been exacerbated by the COVID-19 pandemic.

To curb the spread of the coronavirus, governments around the world have introduced lockdowns and implemented several other restrictions on travelling. These changes have pushed businesses and consumers to go online – relying heavily on e-commerce to purchase goods and services. According to a report from the United Nations Conference on Trade and Development (UNCTAD), these COVID-19 related changes have increased the share of e-commerce in global retail trade from 14 percent in 2019 to about 17 percent in 2020.



With the COVID-19 pandemic driving the surge in e-commerce and accelerating the digital transformation, SMEs could only stay in business by uttering their business models. This meant that SMEs had to rely more on data, network systems and the internet to conduct their businesses, an arrangement that was not used frequently by most of these businesses prior to the outbreak of the COVID-19 pandemic. For some SMEs, particularly those in Least Developed Countries (LDCs), COVID-19 related changes such as working from home and relying solely on the internet to conduct businesses is entirely new to them.

Also compared to larger businesses, most SMEs do not have the budget to procure adequate cybersecurity systems to protect them against cyberattacks. These deficiencies now serve as an opportunity for cybercriminals as they constantly exploit the online and network vulnerabilities in the SMEs sector, which has become a major threat to the global economy. For example, with SMEs being the most targeted in 2021, cybercrime amounted to over $6 trillion, a figure that could rise to more than $10 trillion annually by 2025. To put this into perspective, this amount is larger than the GDP of advanced countries, such as Japan, Germany, the UK and France. If this trend is allowed to persist, the financial losses attributed to cybercrime will continue to increase cost of operation, limit productivity and reduce innovation in the SMEs sector, which will eventually force millions of these businesses to shut down permanently, leading to many job losses.

Admittedly, cybercrime in the SME sector has contributed in impeding inclusive growth, constraining innovation, pushing millions of people into poverty and reducing global economic growth significantly. But for how long will the entire world allow cybercrime to thrive? Considered as the engine of growth for the global economies, it is quite unfortunate that SMEs have not been protected adequately from cybercrime. According to the World Bank, SMEs represent about 90 percent of all businesses and provide more than 50 percent of employment worldwide. These social and economic gains make SMEs growth central to the global COVID-19 economic recovery and also key to achieving sustainable development.

However, all hope is not lost, and with the United Nations making preparations towards drafting a global treaty for cybercrime, at the country level, it is important for policymakers to implement germane measures to protect SMEs, drawing lessons from countries making significant progress in this area.

China, which is one of the leading countries making suggestions for the UN global treaty for cybercrime, has adopted punitive measures for addressing this problem. In 2021, the Chinese police investigated 62,000 cybercrime cases – a total of 103,000 suspected individuals have been arrested in connection to these cybercrimes with more than 27,000 internet enterprises and institutions facing administrative penalties.

This is a step in the right direction in the fight against cybercrime, a move that will definitely protect SMEs. Other countries could also emulate these efforts from China. However, to achieve this will require equipping law enforcement agencies and other related institutions with high-quality cybersecurity systems and appropriate technological skills. It is important to note that to mitigate global cybercrime, countries around the world will have to understand that this task requires the collective effort because cyberspace transcends borders.

(If you want to contribute and have specific expertise, please contact us at

Search Trends