This study aims to investigate the understanding, practice and challenges of cyber hygiene within small and medium-sized enterprises (SMEs) that operate as digital suppliers in Sweden. The study employs a qualitative research approach with semi-structured interviews involving IT-Experts employed in SMEs of varying sizes. Findings of this study indicate that SMEs generally demonstrate a superficial understanding of cyber hygiene and often find themselves constrained by limited technical resources, insufficient in-house expertise, unclear security roles and a reactive rather than proactive cybersecurity mindset. Furthermore this study has identified a significant knowledge gap among the SME management and highlights that there is a prevalent perception of cybersecurity threats as remote or unlikely, thus leading to minimal prioritization until after incidents occur. The research emphasizes the critical importance of basic cyber hygiene practices for SMEs to enhance their overall cyber resilience.