In just one year, the number of phishing attempts at companies has increased tenfold. Remarkably, two-thirds of SMEs believe they are not interesting enough for cybercrime, according to the SME Cybersecurity Monitor 2023.
More and more SMEs are confronted every day with malicious websites and phishing attempts via their systems or employees, as data from KPN shows. On a weekly basis, KPN thwarts more than 7 million attempts to attack Dutch businesses. In particular, the number of cases of phishing, in which attempts are made to obtain personal, login or financial data, is increasing rapidly. This is in stark contrast to the findings of the latest SME Cybersecurity Monitor, conducted by Motivaction, which shows that SMEs underestimate the risk and likelihood of becoming a victim of cybercrime.
An average of 1 million phishing attempts per day
Compared to a year ago, companies are much more likely (+34%) to deal with cybercrime in the form of malicious websites, phishing and websites infected with destructive or malicious software. In particular, the number of phishing attempts has increased almost tenfold on a weekly basis compared to a year earlier. What is striking is the increase in so-called Newly Registered Domains, websites with malicious intentions, such as fake online stores, that only remain online for a day. Every week, KPN stops more than 7 million cybercrime attempts targeting SMEs. This is only possible at companies that use the Extra Safe Internet (EVI) function. Unfortunately, there are still many companies that do not use this security filter, which means that millions of cybercrime attempts have a chance of success. And while it is free of charge.

Insufficient preparation
The results of KPN’s latest SME Cybersecurity Monitor, conducted by Motivaction, make it painfully clear why only a limited group opts for additional measures; 62% of SMEs believe -wrongly- that they are not interesting enough for cybercrime.
Research also shows that three-quarters (76%) of the SME companies surveyed have already experienced a cyber threat or attack. It is remarkable that 43% of entrepreneurs admit that they are not, or only moderately, prepared for a cyber threat or attack that means their networks, data and systems are inaccessible for more than 24 hours.

Of the SMEs that are not well prepared, one in five indicates that they do not have the time (22%) or resources available (22%) to prepare properly. They weigh the investments against the risks. Almost as many entrepreneurs (19%) do not prepare sufficiently because they feel that an attack simply cannot be prevented.
SME Cybersecurity Monitor KPN 2023
KPN periodically conducts research into the resilience of the Dutch business community. The SME Cybersecurity Monitor 2023 was carried out by Motivaction among almost 350 SME companies (with 10-250 employees). These results have been supplemented with the analyzes that KPN conducts every day with regard to cybercrime aimed at the business community. KPN shares these insights with customers so that they can take action to strengthen their online security.