As the number of cyber incidents multiply, governments have a growing responsibility to support vulnerable segments of the economy in bolstering their cyber defenses. A new Mastercard whitepaper outlines how the public sector can safeguard digital services for small and medium-sized enterprises (SMEs), secure their economies, and develop market-wide cyber resilience through public-private partnerships.

Globally, cyberattacks continue to rise year-over-year, permeating both the public and private sectors. The rapid rise in digitisation during the pandemic has widened organizations’ points of vulnerability. In fact, the number of cyberattacks per company have increased 31% year-over-year since 2021 [1], with the resulting cost of breaches forecast to exceed $10 trillion globally by 2025.[2]

As the backbone of the global economy, SMEs account for 90% of businesses worldwide and approximately 50% of employment.[3] However, the record pace at which many SMEs digitalised during the pandemic unfortunately resulted in the lack of prioritization of cybersecurity protocols, if at all, making them frequent targets for attack.

In addition to broader concerns for the national economy, governments have a vested interest in building cyber resilience for small businesses not only to build ecosystem resilience but to also protect themselves, as frequently their third-party contractors are SMEs. Today, most SMEs lack the resources and funding to effectively protect themselves from rising cyber risks – and that’s where governments can help.

A three-pronged approach to risk: quantification, management, and education

To drive safety and security across their digital ecosystems, governments and their private sector partners must work together to secure the new digital infrastructure. Through public-private partnerships, governments can support SMEs by enabling access to cyber tools offering risk quantification, management, and education, fostering greater cyber resilience across the economy.

Risk quantification

Governments must find partners that can help them mitigate the cyber risks in their economies and build ecosystem resilience through quantification. Instead of inefficient manual approaches, SMEs can stay ahead of perpetrators with ongoing cycles of risk identification.[4] The quantifiable self-assessments may be customized internally for specific business needs and contextualized externally based on ever-evolving threats.[5] Government entities can use the outputs to elevate the overall cyber resilience of the broader business ecosystem.

Risk management

Following risk identification, breach and attack simulations can support risk detection by copying cyberattacks before perpetrators have the chance.[6] The concept isn’t new – wargame simulations have formed part of military strategy for decades. However, cost-effective cybersecurity simulations are now available on a wider scale for small businesses with government support. 

The Ministry of Economic Affairs of Bavaria, for example, has worked hand in hand with Mastercard on a recent initiative to assess the cyber health of 1,000 businesses operating in the region. The project enables businesses to understand potential cyber threats while raising awareness around how the Bavarian government can promote cybersecurity for local enterprises and manage emerging cyber risks.

Risk education

A third and fundamental component to support SMEs in building cyber resilience is risk education. Governments can partner with the private sector to develop a common understanding and broader knowledge of the cybersecurity ecosystem.

As part of the French government and Mastercard’s four-year “Partnership for the Digital Economy”, the French Chamber of Commerce and Industry (CCI), together with Mastercard and other private-sector partners, launched an 18-month cybersecurity educational program called “Les Digiteurs”, offering a series of monthly webinars and access to Mastercard’s Cyber Quant risk identification tool.

A collective responsibility

These examples, among others, demonstrate that by leveraging private sector risk quantification, management and education tools, government entities can harness insights and outputs to elevate the cyber resilience of business ecosystem in their economies.

Investment in cybersecurity across the public and private sectors is no longer a ‘nice to have’ – it’s a must. An increasingly connected digital world demands an equally connected collective mindset – a responsibility that runs from big government to small business and back again.

Read the full whitepaper from Mastercard Data and Services Cybersecurity for small businesses here: https://www.mastercardservices.com/en/reports-insights/cybersecurity-small-businesses.


  1. “How aligning security and the business creates cyber resilience.” Accenture, 2021. ↩︎
  2. “Cybercrime to cost the world $10.5 trillion annually by 2025.” Cybercrime Magazine, 13 Nov 2020. ↩︎
  3. “Small and medium enterprises (SMEs) finance.” The World Bank, n.d. ↩︎
  4. “Catching heat: How to evolve to beat cybercrime.” Mastercard, 2019. ↩︎
  5. “External self-awareness is key to accurate and actionable cyber risk quantification.” Mastercard, October 2022. ↩︎
  6. “Wargaming: Stopping cybercrime by copying it.” Mastercard, 2022. ↩︎