Portuguese small and medium-sized enterprises are more confident in their ability to face cyber threats. According to the “Hiscox Cyber ​​Preparedness Report 2025”, 86% of small and medium-sized enterprises (SMEs) say they have improved their cyber resilience in the last 12 months, progress that reflects increasing investment in this area.

Of this total, almost a third (31%) consider the improvement to be “significant”, driven by new regulatory demands and the need to respond to an increasingly complex digital landscape, according to a report by Eco.

However, despite advances in protection against this type of threat, challenges remain: around 54% of Portuguese companies surveyed admitted to having been the target of at least one cyberattack in the last year. The resulting consequences range from difficulties in attracting new customers (30%) to security problems affecting partners and third parties (30%). The increased costs associated with notifying customers were another significant impact, mentioned by 29% of organizations.

The greatest perceived risk for organizations continues to be related to regulatory and legislative changes in cybersecurity and data protection, cited by 42% of companies, reinforcing the pressure for constant updating of practices and systems.

To address new threats, 90% of SMEs invested in additional training for employees working remotely – still considered a vulnerable point in the digital infrastructure.

Among the most adopted measures to strengthen cyber resilience are updating cybersecurity training (74%) and investing in specialized software (64%).

Only 2% of companies said they had not taken any initiative, thus showing that cybersecurity has become an increasingly cross-cutting priority for Portuguese companies.

Globally, around 94% of companies plan to increase investment in cybersecurity in the next year. Portugal stands out for registering a significant intention to strengthen this area: 45% of Portuguese SMEs expect to significantly increase investment, placing the country at the top of the table, ahead of Spain (40%).

In total, 95% of national companies foresee increasing their budget for cybersecurity and data protection in the next 12 months, leaving only 5% planning to maintain or reduce current amounts.

For Ana Silva, Underwriter & Head of Professional & Financial Lines at Hiscox Portugal, the results reflect “a clear shift in the mindset of Portuguese SMEs, which are not only more aware of cyber risks, but also more proactive in mitigating them. The continuous investment in training, technology and prevention is the right path to ensure true cyber resilience.”