DIGITAL SME and Matrix Internet hosted a Premium Cyber Masterclass for DIGITAL SME members on Cyber Risk Management. The Masterclass highlighted how common cyber risk is, why smaller firms are often targeted, and which practical steps can materially reduce exposure. It also showed why cyber insurance and compliance planning are becoming business-critical, not just IT topics.

The masterclass was opened by Jeff Sheridan, Matrix Internet CEO, who exposed the SME reality of cyber risk management: many SMEs still have a long way to go on cyber maturity. He explained that 78% of SMEs fall into a low cyber-resilience category, 67% have no formal incident response plan, and only 18% are covered by cyber insurance. He also described the “SME paradox” of high fear but low adoption, driven by perceptions that cyber is too technical or too resource-heavy.

Jeff then looked at cyber insurance and the growing pressure from regulation and customers. He explained that cyber insurance can help cover financial and operational fallout, including downtime, data loss, and reputational harm. There are also business links with insurance, such as procurement, legislative pressures from the NIS2 and the Cyber Resilience Act, and supply-chain requirements to broader compliance and commercial pressure.

After this, Brian Power, Head of Cybersecurity at Matrix Internet discussed risk management strategies in more detail. He opened by framing cyber risk as a business issue for SMEs, not a technical side topic, and noted that many attacks succeed because of weak fundamentals rather than advanced attacker sophistication. He then explained the core causes of SME vulnerability: phishing, ransomware, the human factor, and limited security resources.

The discussion then moved from a simple layered approach to protection. The webinar stressed four “critical” controls first – multi-factor authentication, patch management, proper backups, and staff awareness training -before moving to measures like access control, endpoint protection, email security, and incident response planning. It also covered more proactive steps such as risk assessments, third-party risk, cyber insurance, and penetration testing.

A major discussion focused on threat examples and the changing risk landscape. The webinar used ransomware, business email compromise, credential theft, and supply-chain attacks to show how real-world incidents can disrupt operations, damage finances, and even threaten business survival. It also highlighted how AI is making attacks more convincing while also improving defensive tools.​

Benefits for attendees

For SMEs in attendance, the main benefit was practical guidance they could act on immediately. The webinar gave a clear priority order for controls, helping firms focus on affordable measures that reduce the majority of common attacks. It also helped attendees understand how better cyber posture can support customer trust, business continuity, insurance eligibility, and bid competitiveness.