SARDI Cybersecurity Awareness Campaign for MSMEs in Bangladesh
The meteoric rise of digitalization in the global business arena has been an exceptional phenomenon in recent years. However, it is alarming that the small and medium-sized enterprises (SMEs) in Bangladesh were far behind in implementing sturdy frameworks and cutting-edge technologies to ensure information security, notwithstanding the fact that the SME sector contributes 30.4% to the country’s Gross Domestic Product (GDP). And after the COVID-19 pandemic posed significant challenges, many traditional MSMEs have resorted to digital tools and platforms to sustain their operations & currently Over 350,000 entrepreneurs are already online in Bangladesh’s f-commerce and e-commerce sectors, with an annual growth rate of 70%.
Despite an estimated 7.8 million CMSMEs in Bangladesh, with approximately 89% belonging to CSME, cybercrime has emerged as a critical threat to the country’s economy. A recent report indicated that 55% of all ransomware attacks on enterprises targeted businesses with less than 100 employees & The absence of cybersecurity knowledge and awareness remains a persistent challenge for online Bangladeshi MSMEs, with 31% of respondents citing it as a significant issue in the aforementioned report. This issue is particularly problematic for Bangladesh since most MSME entrepreneurs hail from rural and remote areas with scant formal education, and their comprehension of the cyber realm is still in its infancy. As a result, they are often victimized by cyber threats, resulting in significant business losses.
And as an initiative towards empowering the MSMEs of Bangladesh, USAID’s South Asian Regional Digital Initiative (SARDI) working for digital development, launched a Cybersecurity Awareness Campaign for Micro, Small, and Medium Enterprises (MSMEs) in Bangladesh intending to augment the cybersecurity management practices of Bangladeshi MSME proprietors and refine their personal and business-related digital hygiene. And to gather primary insights on field level dynamics and inform the campaign design, Inspira conducted an assessment to evaluate the state of Knowledge, Attitude & Practice (KAP) of the target MSMEs regarding cybersecurity measures in the digital platform.
Team Inspira carried out a comprehensive assessment of cybersecurity cognizance amidst MSME owners in seven territories of Bangladesh, encompassing Dhaka, Chattogram, Gazipur, Narayanganj, Cox’s Bazar, Bogura & Jashore utilizing a heterogeneous strategy that combined both quantitative and qualitative data collection methods. The quantitative data was obtained from MSME owners in multifarious sectors, while qualitative data was collected via focus group discussions and key informant interviews with government agencies, ecosystem actors, law enforcement agencies & significant private sector organizations operating closely with MSMEs in the digital arena.
During the plan stage, MSMEs were bifurcated into two fractions: Ardent Adopters, who had prodigious cyber exposure but moderate to low level cybersecurity preparedness and Laggards, who had low cyber exposure and low or no cybersecurity preparedness. The team scrutinized the data from both groups’ viewpoints against each parameter under the KAP framework. The team amassed rigorous information to comprehend the current state of cybersecurity cognizance in the targeted territories and derived insights to elevate cybersecurity awareness for MSMEs.
Online platforms are being swiftly taken up by a growing number of entrepreneurs:
The findings suggest that 47% of respondents rely on internet-based tools and platforms for their business operations, which is impressive given Bangladesh’s relatively low mobile internet penetration rate. Furthermore, almost 44% of entrepreneurs use digital media for personal consumption. The domestic e-commerce and f-commerce sectors have witnessed a staggering 72% CAGR in the last five years, indicating that MSMEs linked to online platforms will experience even more rapid digital transformation in the near future.
Bangladeshi MSMEs lag in cybersecurity awareness and preparedness amidst rising threats:
A total of 82% of the Ardent Adopters group and 57% of the Laggard group have heard of the terms “cybersecurity” or “online safety.” However, when asked to provide more detailed information about specific threats and mitigation measures, respondents from both groups struggled to demonstrate a comprehensive understanding of the threat landscape. Only 7.70% of the respondents could accurately identify all four major cyber threats and propose possible mitigation measures to address those threats. These findings indicate that there is a significant need for greater education and awareness about cybersecurity among MSMEs in Bangladesh.
Digital onboarding without cybersecurity knowledge is putting MSMEs at risk:
About 34% of surveyed entrepreneurs reported being victims of cyber-attacks or knowing someone who has. Fraud, MFS scams, data breaches, and phishing links are the most common cyber threats faced by these MSMEs. In addition to cyber-attacks, the spread of misinformation and disinformation is also prevalent. Among the surveyed Laggards, 56% do not fact-check news on the internet. Some with minimal online presence view Facebook as the internet and trust everything they see there. Shockingly, over 80% of MSMEs lack knowledge about fact-checking resources available online.
Recommendation/ Results/ Implementation:
Implementation of a prolonged cybersecurity awareness campaign for MSMEs that goes beyond a specified quarter, to address gaps in knowledge and ensure a sustained impact:
As the propagation of cybersecurity awareness predominantly occurs during the International Cybersecurity Awareness Month in October & government agencies and private sector stakeholders promote cybersecurity, but their messages do not cater to the MSMEs. Thus, to counter the relatively low levels of cybersecurity awareness in this sector, Inspira launched a protracted MSME-focused awareness campaign named “ব্যবসায় ডিজিটাল সুরক্ষা” & On-boarded renown organizations like SME Foundation, Women E-Commerce , e-CAB , BDoSN & many more.
Use of mixed communication strategy to target MSMEs, combining P2P networks and social media:
MSME entrepreneurs highly value the support of their peers in addressing business-related challenges. Therefore, involving peer-to-peer networks and industry associations at the cluster level can be an effective strategy in a cybersecurity awareness campaign. To cater to the distinct needs of the Ardent and Laggard target groups, who face different cybersecurity threats and have different learning habits and media preferences, the campaign incorporated tailored messaging and organized 20+ workshops jointly collaborated with SME Foundation , CWCCI & renown Cybersecurity Experts across all the geographic locations of the campaign.
Following a standardized approach & enabling the target group to gradually expand their comprehension of cybersecurity awareness throughout the campaign:
The campaign primarily segmented into three phases, each with a distinct purpose in educating the target audience about cybersecurity awareness. The first phase focuses on educating the audience about the prevalent cybersecurity threats faced by MSMEs. The second phase emphasizes preventive measures to alleviate concerns, and the final phase strives to instill cybersecurity habits and internet hygiene in the collective consciousness.
Implementation of an integrated platform with anecdotal communication & storytelling contents to effectively engage MSMEs with learning resources.
The campaign’s communication strategy was simple, informal & narrative approach through collaborative engaging contents, board games & interactive contents like live performances . Additionally, to cater the target audience with information & support a central platform named “ব্যবসায় ডিজিটাল সুরক্ষা” with a content library of all learning materials was established. And furthermore Inspira developed a One Stop Support Desk which provides a professional messaging system and standardized practices to address legal factors. To ensure transparency, a terms of service agreement is in place outlining information collection, service features, and limitations.