Peter Bronkhorst, founder of cybersecurity company Seyfo, knows that reality from within. As an entrepreneur and former Jack of all trades, the non-IT professional who is responsible for “adding IT” within a small company, he saw how vulnerable his own target group is. “Many entrepreneurs think: 'I'm not interesting, am I? ' But that's exactly why you're at risk,” he says.

In this article, you can read why cybersecurity in SMEs often remains invisible, what the biggest risks are and how you can easily take steps as an entrepreneur.

Cybersecurity is underrated

In many small companies, there is no separate IT department. IT is something that is arranged “on the side”, often by that one handy colleague who knows just a little bit more about computers than the rest. As long as everything seems to be working, safety rarely comes on the radar. Many entrepreneurs therefore assume that they are not an interesting target for cybercriminals. They trust that their IT partner will take care of everything. Or they think that because their data is in the cloud, everything is automatically well secured.

But those assumptions are dangerous. Nowadays, cyber attacks are largely automated. Hackers don't care if you have three or three hundred employees. In addition, cloud solutions only offer security if you take care of the correct settings and password protection yourself - which is exactly where things often go wrong.

Almost the entire company runs on SaaS; but who keeps the overview?

In many small companies, almost everything is now running in the cloud: from accounting and e-mail to sales, HR and project management. This is efficient and scalable, but it also leads to a false sense of security. Because although SaaS services are often well secured at the back, the responsibility for settings, access control and data usage remains with the user.

Nevertheless, many entrepreneurs assume that “cloud = securely arranged”. But who has access to which tools? What happens when someone leaves employment? And who checks whether a tool is still needed at all? In practice, the overview is often missing. Tools are installed, linked and shared without clear agreements or insight into the risks, creating silent vulnerabilities that go unnoticed for months.

The offer is opaque

Most cybersecurity solutions have been developed for large organizations with specialized IT teams and large budgets. These solutions are technical, complex or focused on certifications such as ISO 27001. For small companies, they are often too expensive, too complicated or simply not applicable.

What SMEs do get are technical scans without context, e-learnings that nobody watches, or compliance stories that are not in line with daily practice. The result is that entrepreneurs get the feeling that cybersecurity is something they can't do anything with anyway. As a result, action is not taken and nothing changes, while the risk grows.

This lack of overview continues at all levels. Not only do people often no longer know which tools are running - there is also a lack of grip at the user level. Passwords are shared between colleagues, reused, or pasted on a post-it next to the screen. Access rights are rarely checked periodically. Often, no one knows exactly what data is where, who can access it, or what happens if that access falls into the wrong hands. And that's where the danger lies. Just one incident, such as a ransomware attack or a leaked customer database, can result in major damage, legal hassle, or even the end of your business.

Start with an overview

Cybersecurity doesn't have to start technically: the most important first step is an overview. Where is your company information? Who has access? And what happens if that data is suddenly no longer available or leaked? By starting with insight into your business processes, you can quickly get an idea of the critical points.

Peter Bronkhorst founded Seyfo with the aim: to make cybersecurity practical for small SMEs. No expensive consultants or thick reports, but concrete steps:

• Cyber risk analysis: based on your processes, translated into euros: what does it cost if things go wrong?
• Cybersecurity portal (ISMS): one place where you manage your systems, risks and measures
• Training for 'Jack': practical explanation for the person who manages IT, without technical jargon

“At many companies, no one knows exactly which tools are being used. So we always start with the processes - and it often turns out that the number of systems is much larger than expected,” says Peter. Seyfo helps you set priorities: what risks are really important, and what can you do about them without shutting down your business?

Conclusion

Cybersecurity doesn't have to be a complex or technical topic. Especially for small companies, the strength lies in understanding your own processes, recognizing risks and taking simple, feasible measures.

It starts with awareness and insight: knowing where you are vulnerable and what to focus on. Many incidents can be prevented with basic measures, clear agreements and the smart organization of your digital work environment. Digital safety is not a luxury or an afterthought. It is a precondition for a company to operate reliably, professionally and future-proof.

So don't wait for things to go wrong, but take the first step towards structural digital resilience today.