Latvia: Small Businesses Lag in Cybersecurity Monitoring
Latvia’s smaller businesses are significantly less likely to regularly monitor cybersecurity threats than their larger counterparts, according to a recent survey reported by ReTV. While over 80% of large enterprises in the country consistently oversee their cybersecurity posture, that figure drops to just over 40% for small businesses. The findings, stemming from a study conducted by the European Digital Innovation Centre (EDIC) and cited by mobile operator LMT, highlight a growing vulnerability within the Latvian economy as cyber risks escalate.
Disparities Across Regions and Business Sizes
The gap in cybersecurity vigilance isn’t uniform across Latvia. The survey data reveals a particularly stark contrast in the Zemgale region, where 100% of large companies actively monitor for cyber threats, compared to only 45% of small businesses and 28% of micro-enterprises. Similar patterns are observed in other regions, suggesting a systemic issue tied to business size rather than localized factors. This regional disparity underscores the need for targeted support and awareness campaigns.
Beyond monitoring, the study also points to a significant difference in employee training. Large companies are far more likely to regularly inform and train their staff on cybersecurity and data protection risks. In the Pierīga region, for example, 88% of large businesses actively engage in such training, while only 44% of small businesses do. Even in Latgale, where awareness appears higher 56% of large companies prioritize employee cybersecurity education. This lack of training represents a critical weakness, as employees are often the first line of defense against cyberattacks.
The Cost of Inaction for SMEs
Mārtiņš Kaļķis, Head of LMT’s Cybersecurity Development Department, cautions against the misconception that cyber incidents only affect large organizations. “It is a mistake to think that cybersecurity incidents only affect large companies,” Kaļķis stated, as reported by Liepajniekiem.lv. “They affect small and medium-sized businesses every day, creating reputational risks, financial losses and downtime.” For smaller businesses, a successful cyberattack can be particularly devastating, lacking the financial resources to quickly recover and mitigate the damage. Kaļķis also points out that many small businesses serve as crucial partners to larger organizations, making them potential entry points for attacks targeting the entire supply chain.
The financial implications of cyberattacks on Latvian SMEs are substantial. While precise figures for 2026 are not yet available, data from the Aizsardzības ministrija (Ministry of Defence) highlights the growing threat landscape. The Ministry emphasizes that illegal leverage, damage, paralysis, or destruction of information and communication technologies can threaten national and public security, public order, and economic activity, hindering further economic growth. The cost of a data breach extends beyond immediate financial losses to include legal fees, regulatory fines, and long-term reputational damage.
National Efforts to Bridge the Cybersecurity Gap
Recognizing the growing need for cybersecurity professionals, Latvia is actively investing in training initiatives. Riga Technical University, with support from Google.org, is offering free cybersecurity training programs to address the skills shortage. This initiative is a direct response to the increasing demand for qualified cybersecurity personnel across all sectors of the Latvian economy. The Ministry of Defence, in collaboration with the University of Latvia’s Institute of Mathematics and Computer Science (CERT.LV), plays a central role in coordinating national cybersecurity efforts. The State Security Service is responsible for overseeing critical information infrastructure.
The Latvian government is also strengthening its legal framework for cybersecurity. The National Cybersecurity Law, updated in 2024, provides a comprehensive legal basis for protecting Latvia’s digital infrastructure. While specific details of the 2024 amendments aren’t yet fully public, the law aims to enhance cybersecurity governance, promote international cooperation, and raise public awareness.
The Role of the National Cybersecurity Council
The Aizsardzības ministrija oversees the National Cybersecurity Council, which serves as a central coordinating body for cybersecurity policy and implementation. The Council’s work is supported by the Digital Security Supervision Committee. This collaborative approach, involving both state and private sector entities, is crucial for effectively addressing the complex challenges of cybersecurity. The Ministry of Defence is responsible for shaping and implementing cybersecurity policy, but the overall national strategy relies on cooperation between various institutions and the private sector.
What’s Next: Increased Regulation and Awareness
The current trend suggests a likely increase in regulatory scrutiny for Latvian businesses, particularly SMEs, regarding cybersecurity practices. Expect to spot more emphasis on mandatory cybersecurity assessments, data protection protocols, and employee training programs. The government will likely continue to invest in public awareness campaigns to educate businesses and individuals about the risks of cyberattacks and the importance of proactive security measures.
Further, the findings from the EDIC survey will likely fuel discussions within the National Cybersecurity Council regarding targeted support programs for SMEs. These programs could include subsidized cybersecurity audits, access to affordable security tools, and specialized training resources. The focus will be on empowering smaller businesses to build a more resilient cybersecurity posture and protect themselves from the growing threat landscape. The ongoing skills shortage will also necessitate continued investment in cybersecurity education and training programs at all levels.