Cybersecurity embodies a set of systems, processes, and actions that protect businesses from digital attacks. It is also known as information technology security or electronic information security. Using technology and digital platforms for commercial activities exposes companies to cybercrime like phishing, malware, or data and identity theft. To counteract these cyber threats, policymakers play a role in raising cybersecurity standards and developing regulatory frameworks that enhance cyber readiness capabilities in businesses. The International Telecommunications Union (ITU) provides a definition on cybersecurity and action areas for policymakers in its Recommendation ITU-T X.1205.
An increasingly interconnected world through digital networks has enabled businesses to collect and share more information to reach new customers and innovate. But it has also led to a rise of criminal activities that profit from stealing customer data and spying on business practices. In 2019, a report found that about 7.9 billion records globally were exposed by data breaches, an increase of 112% from 2018. Small businesses are often security breach victims, representing more than 40% of attacks in 2019. Studies have also found that about two-thirds of small companies close within six months of being hacked. Because of these vulnerabilities, MSMEs are often the weak link in global value chains. Since small businesses are so vulnerable to cyber attacks and can link to large anchor firms in global value chains, cyber readiness can be a criteria for the selection of suppliers. Bearing this in mind, policymakers need to develop holistic strategies and action plans to mitigate these threats. For example, the Organisation for Economic Co-operation and Development’s (OECD) Cybersecurity Policy Making at a Turning Point suggests key elements that cybersecurity strategies can incorporate. A McKinsey article has also outlined questions that can help policymakers formulate action plans on cybersecurity.
The increased use of digital platforms creates security vulnerabilities that cyber criminals often seek to exploit for illicit gains. Since the start of the COVID-19 pandemic, for example, cyber criminals have been increasingly targeting small businesses due to their lower skills and resources to adopt cyber protection systems. In this context, the International Chamber of Commerce (ICC) has outlined four key cybersecurity threats facing small businesses recently: (1) phishing and business e-mail compromise attacks; (2) malware distribution using COVID-19 as bait; (3) remote working and supply chain threats; and (4) heightened vulnerability due to a lack of awareness.
Cyber readiness and security are important for international trade, especially digital trade. Trade relies on trust, and threats to cybersecurity undermine confidence in digital trade and transactions and make sellers and consumers think twice about using this option. Businesses recognize this fact but have to comply with national regulations. If those regulations do not follow a standardized, risk-based approach, then potential traders are put at a disadvantage. Furthermore, varying requirements add complexity and can significantly increase costs for MSMEs, while at the same time reducing security. Policymakers should aim for aligned approaches to cybersecurity, including consistent use of standards, to reduce complexity and support MSMEs.