Abstract

The rapid advancement of digital technology has ushered in the "fourth industrial revolution," characterized by the seamless integration of technologies across physical, digital, and biological domains. Within this context, the European Union's Cyber Resilience Act (CRA) aims to establish uniform cybersecurity standards for all digital products, thereby enhancing the overall cyber resilience of the EU market. This study explores the level of awareness and preparedness among small and medium-sized enterprises (SMEs) regarding the CRA. A quantitative survey was conducted, gathering 673 responses from 416 SMEs, 160 large companies, and 91 very large enterprises. The findings reveal significant disparities in CRA awareness and readiness, with only 12.3% of SMEs being aware of the CRA compared to 83.5% of very large enterprises. SMEs reported substantial challenges including a shortage of skilled labor, lack of a comprehensive cybersecurity strategy, and uncertainties about the CRA's specifics. In contrast, very large enterprises focused on timeline pressures and achieving compliance. These results underscore the urgent need for targeted support and resources to address the specific needs of each enterprise group. Furthermore, the study highlights the necessity for SMEs to adopt a proactive stance in monitoring and understanding regulatory changes to mitigate risks associated with late compliance. The research contributes valuable insights into the effectiveness of current communication and implementation strategies surrounding the CRA and suggests potential areas for improvement to achieve the overarching goal of widespread cyber resilience. Future studies should validate these findings and explore the impact of enhanced regulatory pressure and diversified communication channels on improving CRA awareness and compliance among SMEs.The rapid advancement of digital technology has ushered in the "fourth industrial revolution," characterized by the seamless integration of technologies across physical, digital, and biological domains. Within this context, the European Union's Cyber Resilience Act (CRA) aims to establish uniform cybersecurity standards for all digital products, thereby enhancing the overall cyber resilience of the EU market. This study explores the level of awareness and preparedness among small and medium-sized enterprises (SMEs) regarding the CRA. A quantitative survey was conducted, gathering 673 responses from 416 SMEs, 160 large companies, and 91 very large enterprises. The findings reveal significant disparities in CRA awareness and readiness, with only 12.3% of SMEs being aware of the CRA compared to 83.5% of very large enterprises. SMEs reported substantial challenges including a shortage of skilled labor, lack of a comprehensive cybersecurity strategy, and uncertainties about the CRA's specifics. In contrast, very large enterprises focused on timeline pressures and achieving compliance. These results underscore the urgent need for targeted support and resources to address the specific needs of each enterprise group. Furthermore, the study highlights the necessity for SMEs to adopt a proactive stance in monitoring and understanding regulatory changes to mitigate risks associated with late compliance. The research contributes valuable insights into the effectiveness of current communication and implementation strategies surrounding the CRA and suggests potential areas for improvement to achieve the overarching goal of widespread cyber resilience. Future studies should validate these findings and explore the impact of enhanced regulatory pressure and diversified communication channels on improving CRA awareness and compliance among SMEs.