No small matter – Cyber security in China: what SMEs need to know

hellorf_161451770 small sizeSmaller companies can be particularly susceptible to cybercrime as they often lack the resources to fully protect themselves against such attacks.Writing for the EU SME Centre, Karsten Luc provides some advice on how SMEs in China can defend themselves against cybercrime.

China has the largest online population with around 642 million users. More remarkable though is the fact that there is another half a billion people in China that are still yet to join this community of netizens.

Through the rise of low-cost smartphones and the expansion of Internet connectivity in particular, more and more Chinese are expected to come online.

It is estimated that 60 per cent of Chinese netizens already browse the web with their smartphones, using the online world for activities such as shopping (e-commerce), communicating (social media) and entertainment (online gaming). As a result, tech companies are benefiting greatly from this trend, such as the smartphone producer Xiaomi, one of the world’s most valuable start-ups.

Yet the stakes are high.

In 2013, cybercrime caused damage worth USD 37 billion in China. As more Chinese netizens use mobile payment systems, cyber criminals will seek opportunities to hack into these financial systems and their devices.

The risk is all the more real to organisations lacking profound IT knowledge.

What does this mean for SMEs? Two questions are especially important to understand.

How can SMEs in China defend themselves against cybercrime?

Though media coverage on cyber incidents such as hacking, IP theft, and espionage is mushrooming, and despite the fact that governments are increasing their focus on ‘cyber’ issues, SMEs are still not investing enough in cybersecurity.

A study by the Ponemon Institute in 2013, has found that only 58 per cent of respondents consider cybersecurity relevant to their businesses and that 42 per cent do not invest enough in their IT security.

A reason might be that in cyberspace it is much easier to attack than to defend and not everyone is tech-savvy enough to understand the complex technical processes. For SMEs with limited resources here are five tips that can help to prevent major cyber incidents from happening:

  1. Train your staff in cyber security: Most cyber intrusions can be prevented if your staff is well trained and aware of the various cyber risks. This is especially important to SMEs that tolerate BYOD (bring your own device) practices.
  2. Beware of pirated software in China: If you buy a PC in China, ask yourself if the pre-installed software is pirated and can be updated.
  3. Update your software regularly: Taking Microsoft Internet Explorer as an example, a lot of Chinese employees are accustomed to using outdated versions. Very few use open-source web browsers such as Firefox which are updated on a regular basis.
  4. Get ready with a diversified strategy for your digital needs: Label all your digital matters according to their security level. What can be made public and what needs to be protected? For instance, there is nothing wrong with hosting your site in China if it only contains public information. Sensitive data should be handled by your trusted systems from abroad, though.
  5. Insist on rigorous passwords: Ninety-four per cent of attacks could have been prevented with basic ‘cyber-hygiene’. The best example is that the most popular password in use today is ‘12345’, and the second most popular is ‘password’.

What efforts are currently undertaken by the Chinese Government?

The Chinese Government wants a healthy development of its Internet and for its cyberspace to be clean of ‘spiritual pollution’ (online rumours or pornography). As a result, strong Internet regulation policies are being enforced in order to gain sovereignty over cyberspace. To the detriment of foreign SMEs in China, access to foreign websites and their digital services, including vital research tools, are often blocked or restricted.

The result of this is that local firms will shape the digital landscape in China. Most of them offer similar services that mainly target the Chinese audience, but will become increasingly innovative. Overall, the Chinese Government believes that advanced digital technologies will lead to more innovations that aid economic growth.

Top 8 Reasons That Make SMEs Attractive Targets for Cyber Criminals

  1. Not enough resources spent on cybersecurity (time, money, expertise).
  2. No IT specialist in the team.
  3. No risk awareness.
  4. Lack of employee training.
  5. No regular security updates.
  6. Outsourcing to the wrong contractors (you get what you pay for).
  7. No endpoint security (BYOD – Bring Your Own Device).
  8. Bad news: SMEs (with annual revenues of less than USD 100 million) cut security spending by 20% in 2014.

Small and medium-sized enterprises in China should strengthen their efforts to understand the Chinese digital market better with its booming service providers, but should also be aware of the inherent risks.

With more development in local IT services, SMEs can benefit from a growing number of business opportunities; however IT newcomers still need to prove that they can offer quality services, great customer support and security. The risks are that the chosen company might become a failed investment and might even negatively disrupt business operations.


To get further advice on improving cyber security for your business in China, watch the webinar recording on this topic available on the EU SME Centre’s website.

For an overview of the ICT market in China, please download the Centre’s sector report. An updated version will be available in May 2015.

The EU SME Centre helps EU SMEs prepare to do business in China by providing them with a range of information, advice, training and support services. Established in October 2010, and funded by the European Union, the Centre has entered its second phase which will run until July 2018.

All services are available on the Centre’s website after registration, please visit: