Beta

Source: OJ L 333, 27.12.2022, p. 80–152

EN

Recital 56 Small and medium-sized enterprises

Member States should, in their national cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; strategies, address the specific cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; needs of small and medium-sized enterprises means a financial entity that is not a small enterprise and employs fewer than 250 persons and has an annual turnover that does not exceed EUR 50 million and/or an annual balance sheet that does not exceed EUR 43 million;. Small and medium-sized enterprises means a financial entity that is not a small enterprise and employs fewer than 250 persons and has an annual turnover that does not exceed EUR 50 million and/or an annual balance sheet that does not exceed EUR 43 million; represent, across the Union, a large percentage of the industrial and business market and often struggle to adapt to new business practices in a more connected world and to the digital environment, with employees working from home and business increasingly being conducted online. Some small and medium-sized enterprises means a financial entity that is not a small enterprise and employs fewer than 250 persons and has an annual turnover that does not exceed EUR 50 million and/or an annual balance sheet that does not exceed EUR 43 million; face specific cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; challenges such as low cyber-awareness, a lack of remote IT security, the high cost of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; solutions and an increased level of threat, such as ransomware, for which they should receive guidance and assistance. Small and medium-sized enterprises means a financial entity that is not a small enterprise and employs fewer than 250 persons and has an annual turnover that does not exceed EUR 50 million and/or an annual balance sheet that does not exceed EUR 43 million; are increasingly becoming the target of supply chain attacks due to their less rigorous cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; risk-management measures and attack management, and the fact that they have limited security resources. Such supply chain attacks not only have an impact on small and medium-sized enterprises means a financial entity that is not a small enterprise and employs fewer than 250 persons and has an annual turnover that does not exceed EUR 50 million and/or an annual balance sheet that does not exceed EUR 43 million; and their operations in isolation but can also have a cascading effect on larger attacks on entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; to which they provided supplies. Member States should, through their national cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; strategies, help small and medium-sized enterprises means a financial entity that is not a small enterprise and employs fewer than 250 persons and has an annual turnover that does not exceed EUR 50 million and/or an annual balance sheet that does not exceed EUR 43 million; to address the challenges faced in their supply chains. Member States should have a point of contact for small and medium-sized enterprises means a financial entity that is not a small enterprise and employs fewer than 250 persons and has an annual turnover that does not exceed EUR 50 million and/or an annual balance sheet that does not exceed EUR 43 million; at national or regional level, which either provides guidance and assistance to small and medium-sized enterprises means a financial entity that is not a small enterprise and employs fewer than 250 persons and has an annual turnover that does not exceed EUR 50 million and/or an annual balance sheet that does not exceed EUR 43 million; or directs them to the appropriate bodies for guidance and assistance with regard to cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; related issues. Member States are also encouraged to offer services such as website configuration and logging enabling to microenterprises, ‘small enterprises’ and ‘medium-sized enterprises’ mean, respectively, microenterprises, small enterprises and medium-sized enterprises as defined in the Annex to Recommendation 2003/361/EC; and small enterprises means a financial entity that employs 10 or more persons, but fewer than 50 persons, and has an annual turnover and/or annual balance sheet total that exceeds EUR 2 million, but does not exceed EUR 10 million; that lack those capabilities.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod