Russia’s PMEF warning: small firms are cyber-exposed, 5G pushes ahead, and developers tighten belts—what’s the real risk?

At Russia’s PMEF-2026, Positive Technologies’ managing director Alexey Novikov warned that many small and mid-sized businesses still do not use cybersecurity solutions, leaving them insufficiently protected against cyberattacks. The comment, delivered during a Kommersant session, frames cyber risk not as a niche issue but as a systemic vulnerability in the SME base that underpins everyday commerce and services. In parallel, industry voices at a Gazstroyprom and Kommersant business breakfast said demand for industrial showrooms and projects is rising, yet implementation is being squeezed by expensive financing, a shortage of skilled labor, and the high cost of mistakes. Separately, T2 CEO Anton Godovikov said the company is actively testing 5G in cities with populations above one million, signaling continued investment in next-generation connectivity even as broader constraints persist. Geopolitically, the cluster points to a Russia-centric but globally relevant security and infrastructure dilemma: digitalization and industrial buildout are advancing, while the weakest links in cyber hygiene and operational capacity are lagging. SMEs that lack basic protections can become entry points for larger intrusions, potentially enabling disruption of supply chains, payments, logistics, and critical service providers—an issue that matters for national resilience and for the credibility of Russia’s digital economy. On the industrial side, “expensive money” and labor scarcity suggest that project timelines and quality control may slip, increasing the likelihood of operational incidents that can be exploited by adversaries or trigger regulatory and reputational fallout. Meanwhile, 5G testing in major population centers indicates that telecom modernization is proceeding, which can improve industrial automation and enterprise connectivity, but also expands the attack surface if security-by-design is not enforced across vendors and operators. Market and economic implications are likely to concentrate in cybersecurity, telecom equipment and services, and industrial real estate development. Positive Technologies’ framing supports demand for endpoint protection, managed security services, and compliance tooling targeted at SMEs, which could lift sentiment for domestic cyber vendors and integrators even if budgets are constrained. The industrial developer remarks highlight pressure on construction and engineering labor markets and on capital-intensive project economics, potentially affecting construction materials, industrial services, and financing structures tied to interest rates and credit availability. For telecom, 5G trials in million-plus cities can accelerate capex and network modernization spending, with knock-on effects for tower infrastructure, enterprise networking, and industrial IoT platforms; however, the magnitude of near-term financial impact is uncertain because testing does not equal full commercial rollout. What to watch next is whether PMEF discussions translate into enforceable procurement standards and financing incentives for SME cyber readiness, such as baseline security requirements in contracts and sectoral guidelines. On the industrial side, monitor project pipeline updates for industrial developers: whether they re-phase schedules, switch to alternative staffing models, or renegotiate financing terms in response to “дорогие деньги” and labor shortages. For telecom, track T2’s 5G trial outcomes—coverage, latency, device compatibility, and whether security controls are integrated into deployments in major cities. Trigger points for escalation include any reported increase in SME breaches, new regulatory expectations around cyber controls, or signs that industrial project delays are compounding into safety or infrastructure incidents; de-escalation would look like measurable adoption of security tooling among SMEs and clearer rollout timelines for 5G with security-by-design requirements.

Geopolitical Implications

• 01

  Cybersecurity gaps in SMEs can amplify national resilience risks by creating entry points into broader economic and logistics networks.

• 02

  Industrial development constraints may increase operational fragility, raising the probability of incidents that can be exploited in a contested security environment.

• 03

  Telecom modernization (5G) expands both capability and attack surface; governance of security standards across vendors becomes a strategic issue.

Key Signals

• —Any regulatory or procurement moves at PMEF follow-up that mandate baseline cybersecurity controls for SMEs and contractors.
• —Reported increases in cyber incidents targeting small and mid-sized Russian firms.
• —T2 5G trial metrics (coverage, latency, device ecosystem) and whether security controls are integrated into deployments.
• —Industrial developer announcements on re-phasing projects, labor sourcing strategies, and financing renegotiations.