Mark Barnett, global head of Small and Medium Enterprises at Mastercard, shares why small businesses, armed with new tools, sharper awareness and a growing focus on resilience, are proving that cybersecurity isn’t just defense, it’s a growth strategy.
Transcript
This is What's Next in Payments, a PYMNTS podcast. Forward-looking insights from industry leaders on the trends and technologies reshaping payments and fintech. In this episode, Mark Barnett, global head of small and medium enterprises at Mastercard, shares why small businesses, armed with new tools, sharper awareness, and a growing focus on resilience, are proving that cybersecurity isn't just defense, it's a growth strategy.
John Gaffney:What will you do if the unexpected actually happens? At Mastercard, they're thinking about SMBs and cyber defenses. As we're we'll hear in a minute, shoring up cyber defenses for small businesses is crucial. In a world bracing for macroeconomic shocks, the real October surprise for small businesses may already be unfolding behind the scenes. Silent cyber attack can end a business overnight. Small businesses are the backbone of the global economy, representing millions of jobs and driving innovation across every sector. Yet their size and resource constraints often make them especially vulnerable to cyber threats. Here to discuss this issue, I'm happy to welcome Mark Barnett. He is the global head of small and medium enterprises at Mastercard. Mark, thanks for joining us.
Mark Barnett:It's a great pleasure. Good to see you, John.
John Gaffney:So, Mark, when we came up with this topic, the October surprise, sometimes it comes from a sports team that does really well. Sometimes it comes from a stock market. But I love what Mastercard has done with this. And my question to you is could the real disruption that would surprise small to medium-sized businesses be a digital disruption?
Mark Barnett:Yeah, look, well, I first of all, I don't want to be alarmist about this. I'm not suggesting there's going to be some sort of terrible cyber meltdown in October. But uh as a general theme, we do see as we build up towards the holidays, which we're now doing, the more transactions, the more commerce there is out there, then the more fraud and the more cyber that we we tend to see as well. So um yeah, we we do think you just said that small businesses are the backbone of the economy. You know, 90% of over 90% of businesses are small businesses, probably 70% of all employees globally are employed by them, 50% of world GDP, something like that. Depends where you are in the world. So it's it's kind of important that these small businesses um have a resilience against uh cyber. And digital, the digital transfer transformation that we've seen in the past five or 10 years, especially accelerated in the last five for obvious reasons, is to some extent a double-edged sword on the positive side. It's meant small businesses can reach many more customers, go global in their nature. Um uh their supply chains can be simplified, their ease of doing business is is increased, they can get on with what small businesses really want to do, which is running a small business. Um, but uh on the you know, the the flip side of that is that they now have a digital footprint, which is uh open to attack by bad actors. So yeah, we we we do have some fairly sobering statistics. Um so we we we we did a survey recently, it's called the Moscow Global SME Cybersecurity Landscape Reports, a bit of a mouthful. Uh I think we surveyed over 5,000 SMEs in five or six different markets, and 90% of cyber attacks worldwide are against small businesses. So, you know, um it is real, it does happen, and we we want to be there to uh to help this entire ecosystem be more resilient.
John Gaffney:So, Mark, I know one of your key tenets as an executive is resilience. And you said in the past that you know, readiness doesn't mean you predict every shock, it's about that resilience. What does digital resilience look like for small businesses in today's environment? And how do you think technology and partnerships can help them protect and defend and detect these kinds of cyber attacks?
Mark Barnett:Yeah, so yeah, you're right. You know, you can't protect against every shock. Resilience is about being able to uh withstand and recover from cyber incidents without losing focus on growth or without even worse things happening. Um, you know, we do see a confidence gap in that survey that I mentioned. Only, well, less than 25% of SMEs feel confident about identifying cyber threats. And um 75% really do struggle to assess the sort of risks they're facing. Um and ease is important to them as well. Small businesses are very short on time. Um uh and uh 80% want solutions that protect them without requiring technical expertise. So, you know, I think AI is gonna have an important part. I'll talk a little bit later on about how uh how we're using AI to drive um cybersecurity. I think AI is gonna be a big enabler. Um, I think the power of partnerships, you know, small businesses working with companies like us, but also companies that provide their telecommunications, provide their ISPs, provide their accounting software, um, all these partnerships are uh are going to be important. I guess the message is, you know, digital resilience isn't a sort of luxury anymore. Cybercrime is a reality, and um, you know, small businesses do need to uh um to make sure that they're protected as well as they can be.
John Gaffney:So, Mark, is there a resilience gap when it comes to cybersecurity among SMBs? And you know, if there is, how do you feel like Mastercard can help close it?
Mark Barnett:Uh yeah, look, I think it's been closed all the time. There's lots of things that that we're doing. We're trying to sort of um democratize, if you like, cybersecurity because you know, big companies have big cyber teams. We've got a gigantic one, obviously, because um, you know, uh we we we get attacked all the time and we we we we fight them up that off all the time. But small businesses just don't really have that. So we've come up with a few fairly practical things aimed at SMEs. Um there's one called My Cyber Risk, um, which is pretty simple product that's uh an SME can at the press of a button we can initiate a uh a scan against their digital footprint and identify weaknesses there. And then that and that's just a push of a button. You'll get a report back saying these are the weaknesses and this is what you can do about it. Um quite often that's not enough. So we've got partnerships with companies like Viking Cloud or CyberMunks, where that SME, if they can't resolve their own problems, can get on the phone to actual human beings and be handheld through a resolution, which for some people is essential, for some people not so much. There's another thing called the MustGuard Trust Center, um, which you can find on our website, which has a whole bunch of uh of digital protection tools and also some some sort of uh handhelding holding guides on what to do if you do suffer an attack and what you should be doing in advance of being attacked to protect yourself. So um, you know, 65 million small businesses have been brought into the digital economy since 2020. Every one of them has a vulnerability. So is there a gap? Yeah, sure. But I think we're doing a lot to create or build a foundation for that resilience that we just talked about.
John Gaffney:So now it's time to talk about AI, Mark. And I and I know you're excited about this. Um, but how do you see AI developing? How are how do you uh observe it currently and what's gonna be in its short-term future state? And how can you plan strategically for AI and stay agile at the same time?
Mark Barnett:So, look, um a bit like I said, digitization is a double-edged sword, AI is gonna be a double-edged sword as well. I mean, AI um is gonna make life a lot easier for small businesses to focus on doing what they do. If you roast coffee beans, you want to roast great coffee beans. If you serve food in a restaurant, or you want to serve great food in a restaurant, you don't want to be thinking about the back office, the supply chain, the table management system, that you know, et cetera, et cetera. And AI, you know, we're gonna have um, you know, digital CFOs or digital assistants that are gonna help handheld businesses, small businesses, through a lot of the day-to-day back office type uh grind that any business has to put up with. But equally, AI is a threat factor, you know. We have uh AI-powered systems that um you know that can that that can uh that can create threats on a level that we haven't seen before. So what are we doing? Um, you know, we've been using let's let's go back a bit. For years we've been using machine learning um to train our fraud models. You know, we process 159 billion, or last year we processed 159 billion transactions. Every one of those was scored for fraud. Um uh that's 5,000 a second uh fraud scores we're pumping out. So everything on our network is scored for fraud. Um and as we've advanced, uh that machine learning turned into AI, and now um we're using more um the power of agenda uh of um uh generative AI to enhance our models even better. But there's a there's a lot of other things. You know, we bought a company recently called um Recorded Future, it's one of the biggest acquisitions we've ever made. It's a threat intelligence company, you know, it it goes onto the darkware uh uh and uh looks for compromised cards uh and can provide issuing banks with the predictions on whether cards have been compromised, and those cards could have been in the hands of the SME. So we make sure that those get closed or replaced. Um we we look at synthetic identity prevention, so this is false merchants cropping up to uh to try and uh try and steal your data. Um I mentioned um our fraud scoring, that that's a tool called decision intelligence. Um we've now detected 40% more fraud in in the first quarter last year than we did in the in the whole of the prior year. So through through through these sort of more advanced techniques. So I think there's a lot we're doing in in the AI space. I'm only talking about it from the fraud and cyber angle, not from the other sort of you know, other use cases. But I I think I think this is a great great deal we're doing, and hopefully that's something that can help uh SMEs as we go forward too.
John Gaffney:So SMEs need to grow, though, Mark. I mean, how how can you balance those growth ambitions with the need to protect your business, your consumer, and your brand?
Mark Barnett:Yeah, look, I mean the harsh reality is if it if I mentioned earlier, 46% of small businesses have suffered a cyber attack in the last year. Nearly one in five, I think it was 18%, their business was closed a year later. So I mean that is I mean, that is an unbelievably depressing statistic. Um now they let's take it with a little bit of a pinch of salt. They may have been going out of business anyway, they might have been at the end of their business journey and wanting to close it anyway, but still it's it's a very stark uh number. So yeah, whenever we survey um, we do it, we we talk to a lot of small businesses all the time. There are three things that always pop in terms of their needs. First is access to capital, the second is help with the digital journey, and the third is um cyber protection. And we're seeing that cyber protection come up the list. I don't think they're uncompatible incompatible, uh John, because um, you know, if you suffer a cyber attack, you know, you've got to focus on that. And if you're focusing on that, you're not gonna be growing. So I think the reality is the two have got to come hand in hand. Um, you know, the customer's pretty unforgiving if they realize that a company that they've been working with has had a cyber attack. I think 66% of consumers would stop shopping at a particular shop if they knew that they'd been cyber attacked. Um, you know, yeah, I've got a blizzard of statistics, but no, I mean it's it's about uh I think they come hand in hand. I mean, going forward, small businesses are going to have to prioritize some of their budget to spend on cybersecurity in order to be able to grow. Um, it's gonna be um uh a synergistic thing.
John Gaffney:That was extremely well said. Mark, this is my last question. Um, do you think we know businesses need to protect themselves, particularly SMEs? Can it become a source of compet of competitive strength as as well as just a defensive mechanism?
Mark Barnett:This is one of those strange areas. Yeah, yes, of course. If you're better protected than your competitor, then um you have a competitive advantage. But as with as with many things in this area, we don't really like to think of it too much in that way. We'd like everyone to be protected rather than it be a source of competitive advantage. You know, in in our industry, we we the issuing banks compete very hard with each other, the um merchant acquirers compete very hard with each other, we compete very hard with our competitors, but in the area of fraud, we pool a lot of data. We we try to, you know, in the area of cyber, we have several cyber resilience centers around the world. And you know, here here in Europe, we we take part in the NATO Lock Shields Cyber Resilience Um Center. We we work with many governments, and it's really, you know, cyber protection is it's not a solo enterprise. The more people that you bring to the party to protect the ecosystem, the safer it's gonna be for everybody, especially small businesses. So I guess the answer is yes and no. We'd rather it was uh everybody being protected than the other way around.
John Gaffney:Excellent answer. All right, that's gonna do it for this episode of What's Next in Payments. My guest has been Mark Barnett. He is global head of small and medium enterprises for Mastercard. Mark, thanks so much for joining us.
Mark Barnett:Thank you very much indeed.
Narrator:That's it for this episode of the PYMNTS Podcast — the thinking behind the doing. Conversations with the leaders transforming payments, commerce, and the digital economy. Be sure to follow us on Spotify and Apple Podcasts. You can also catch every episode on pymnts.com/podcasts. Thanks for listening.