Ministry of National Defence
2019/09/06 - 2020/03/06
Cyberattacks are posing an increasingly serious risk for organizations and, for several years, they have been placed among the most reoccurring crimes worldwide. The 2018 PwC Global Economic Crime and Fraud Survey notes that cyberattacks do not cause great damage only to public institutions globally, but also has a significant negative impact on the global economy. The European Cybercrime Center (EC3) predicts that the number of cyberattacks will continue to grow, and the World Economic Forum’s Global Threat Report estimates that the total damage caused to the global economy by malevolent cyberattacks, in 2021, could reach as much $6 billion.
Almost half of all cyberattacks worldwide directly target small and medium-sized enterprises (SMEs), which are still extremely vulnerable to this day – in 2018, 53% of SMEs have experienced a cybersecurity breach or attack in the last 12 months. One of the key factors explaining their vulnerability is that companies underestimate the benefits of cyber threats and the necessity of resilience enhancement meaning. A report published by KPMG underlines that more than half (51%) of SMEs believe their company is too small to be a target of a cyberattack, and only a third (33%) of them feel fully prepared to face cyber security breaches. Meanwhile, a study by Kaspersky found out that 70% of SMEs are not aware of how to properly asses the risk of cyberattacks and the potential damage of cyber breaches to their businesses. This suggests that a high number of SMEs do not realize the value of their digital assets and, as a result, do not pay enough attention to enhancing cyber security.
Many cyberattacks occur not because of inadequate technical cybersecurity measures, but rather due to the lack of cyber security awareness amongst the employees. According to research done by ESET security company, more than a fourth of cyber incidents occur due to human error or lack of sufficient knowledge. Lithuanian Cyber Security Status Report notes that, in 2018 alone, the number of incidents involving social engineering methods nationally has increased by 25%. According to experts, good cyber security practices can emerge only if there is a greater focus placed on raising awareness and knowledge among individuals. This is echoed in the Lithuanian National Cyber Security Strategy, which stresses that a cyber incident cannot be prevented, even if all existing technical cyber security measures are implemented, so it is essential that all stakeholders within the public and private sector would take the responsibility of promoting the cybersecurity culture inside their workplace.
The Lithuanian Cybersecurity Strategy envisages the development of measures aimed at improving the cyber security status across the public institutions and SMEs. Throughout the duration of this project, Gabrielė, Justas, and Rūta will analyze the main cybersecurity issues for Lithuanian SMEs and will develop an awareness-raising tool to address the gaps in cybersecurity and meet their needs. To ensure the continuity of the project, we will be encouraging continuous cooperation between the stakeholders from the public and private sector with a goal to improve the overall cyber security situation in Lithuania.
To analyze the main cybersecurity issues for Lithuanian SMEs and develop an awareness-raising tool to address the gaps in cybersecurity and meet the needs of SMEs.
Completed analysis of a current cyber security situation across Lithuanian SMEs. Prepared and coordinated a survey aimed to evaluate the SMEs’ cybersecurity preparedness and awareness level.
Completed analysis of foreign best practices (UK, France, and Belgium) in the field of raising cybersecurity awareness of SMEs.
Successfully carried out a survey for the managers and employees of Lithuanian SMEs, and identified the main cybersecurity gaps and needs.
Held a public consultation with the experts from the public, private and academic sectors aimed to identify and determine the most suitable set of measures for Lithuanian SMEs.
Prepared a draft model of cybersecurity awareness-raising and information tool for SMEs and presented it to relevant stakeholders.
Published the cybersecurity awareness-raising and information package for SMEs. Prepared a list of further recommendations for enhancing the cybersecurity awareness raising capabilities for SMEs.
Šis projektas yra dalis Vyriausybės kanceliarijos kartu su VšĮ „Investuok Lietuvoje“ įgyvendinamo „Atviros Vyriausybės iniciatyvos“ projekto, kuriuo siekiama suformuoti bendrą viešųjų konsultacijų praktiką viešojo valdymo institucijose, padidinti visuomenės dalyvavimo viešajame valdyme veiksmingumą, plėsti informacijos apie Vyriausybės vykdomą veiklą ir visuomenės įtraukimo į sprendimų priėmimą priemones prieinamumą, sustiprinti viešojo valdymo atvirumo plėtrai reikalingas kompetencijas.
Šis projektas dalinai finansuojamas 2014-2020 metų Europos Sąjungos fondų investicijų veiksmų programos.