In our daily lives, we are regularly exposed to spam emails, fraudulent SMS messages, and
increasingly sophisticated phishing attempts containing suspicious links. This phenomenon
extends well beyond the personal sphere. In the professional world, CEO fraud, ransomware
attacks, fake HR interviews, and recent outages such as the CrowdStrike incident of July 2024,
which crashed millions of Windows systems, have become alarmingly common.

Large companies, often better prepared, have the technical, human, and financial resources to
respond to such cyberattacks. But what about small and medium-sized enterprises? Do they
have the necessary means to protect themselves effectively? The statistics are alarming. An
SME that falls victim to a cyberattack typically shuts down within six months of the incident.

One of the most promising solutions lies in employee training to improve cybersecurity
awareness and enhance the ability to identify and react to threats. But does better knowledge
truly lead to better behavior? For instance, most users are well aware that reusing the same
password across multiple accounts is risky, yet this practice remains widespread. Why do
individuals persist in such behaviors despite understanding the risks? And more importantly,
how can we effectively address this gap?

This study aims to explore this paradox, specifically within the context of European SMEs. Our
objective is to identify the key factors that influence the gap between cybersecurity knowledge
and actual behavior, and to propose concrete, low-cost, and effective strategies that SME
leaders can implement to reduce their exposure to growing cyber threats. To this end, we will
draw upon a survey of 100 European SME employees and theoretical frameworks from
cognitive and behavioral psychology to analyse common human errors and identify practical
levers to mitigate them sustainably.