However, as the costs of advanced cyber services, tools, technology, and skilled personnel increase, small businesses are the most affected. The barrier of cost hinders even the basic approaches to maintaining cyber resilience. While 75% of large companies have cyber insurance, only 25% of small to medium-sized enterprises do (World Economic Forum, 2024).

Small medium-sized enterprises face various practical challenges in securing cyber resilience. The biggest issue among them is the cost. Advanced cybersecurity services or tools and technologies for enhancing resilience require significant expenses, and while large companies can afford these costs, small businesses find it realistically difficult to bear them.

In reality, implementing training programs for cyber resilience, simulated hacking, penetration testing, and the latest security tools require substantial financial investment, and many small businesses fail to afford these, often just maintaining a minimal security level.

Additionally, the lack of skilled personnel is a major issue. Large companies can hire cybersecurity experts to run their security teams, but small businesses often lack the ability to do so, leading to security personnel having to juggle multiple roles. This inevitably reduces expertise and focus on security, making them significantly vulnerable to cyber threats.

Lack of security awareness and education is another challenge faced by small businesses. To achieve cyber resilience, all employees must be aware of security threats. However, due to a lack of time and financial investment in security education, employees may fail to respond appropriately to security incidents. For instance, one reason attacks through phishing emails continue to be successful is that employees are not adequately aware of these threats.

Attackers often target companies with low security levels and use them as a springboard to attack larger companies or related networks.

Issues like these make it difficult for small businesses to achieve 'cyber resilience', making them a primary target for cyber attacks. Cyber attacks do not only target large companies. Small businesses, like large companies, must recognize the importance of cyber resilience and consistently invest in security and education within their means.