SMEs urged by Government to “lock the door” against cybercriminals

The Government is launching a campaign to get business owners on board with its Cyber Essentials scheme after research revealed that half of SMEs have been victims of a cyber attack in the past 12 months. 

It’s hoped that the campaign will push SMEs to ramp up their cyber security defences in response to the research, which also uncovered that cyber attacks are costing UK businesses £14.7 billion annually – the equivalent to 0.5% of the UK’s GDP.

While many businesses are aware of the financial and reputational impact that just one cyber attack can have, the Government’s findings suggest that many still have vulnerabilities.

A growing problem

With a significant cyber attack costing businesses, on average, almost £195,000, it’s understandable that this remains a primary concern for SME owners. Driven by the rapid iteration of technology and AI in these kinds of attacks, many are actively seeking out advice on what cyber insurance they should put in place. 

The growing cyber threat has been reiterated by the findings of the latest Cyber security longitudinal survey, which has been run by the Department for Science, Innovation and Technology (DSIT) since 2021. 

Although the survey focuses mostly on medium-sized and larger ventures, its findings are a warning to all. It revealed that 82% of businesses had experienced some kind of cyber attack in the last year. 

The report also states that “supplier management continued to be a pertinent weakness in organisational cyber resilience”, pointing out that organisations “generally lacked awareness about cyber security incidents in their supply chains, acknowledging they likely happen without their knowledge”.

Barrier to innovation

The call to action from the Government coincides with the release of research from ISO certification consultancy platform Be Certified that suggests that businesses are not only concerned about cybersecurity but might even hold back from innovating because of these fears. 

In a survey of 700 SME owners and managers, 42% of them pointed to cybersecurity as the main obstacle in the way of pushing ahead with more digital transformation goals in 2026. 

Despite this, more than half (55%) of respondents said that they consider digitalisation a key priority for growth in 2026, with IT businesses and financial services ventures topping the charts. 

Interestingly, security wasn’t the only hurdle to digital transformation that businesses cited. More than a third of respondents stated that “their workforce isn’t equipped with the digital skills needed to fully embrace new technologies”, while nearly a quarter shared that a lack of training was an issue for them. 

Although these barriers may seem unrelated to cybersecurity, a lack of skills and knowledge can lead to mistakes, proving a fatal weakness for businesses when cyber criminals are looking for vulnerabilities. 

What can SMEs do to reinforce their digital defences?

The survey carried out by Be Certified – which has its own cybersecurity education scheme – suggests that businesses acknowledge they need help in this area.

In particular, the findings reveal that 18% of SME owners want subsidised digital transformation training, while 15% said that they needed financial help to hire additional staff to manage digital change, of which cybersecurity should be a part. 

Thankfully, the government’s Cyber Essentials scheme is an easy way to receive tailored guidance, and although the assessment isn’t free, the government does provide free resources to help businesses prepare. 

It’s crucial that SMEs face the very real possibility of cyber attacks. Richard Horne, chief executive of the National Cyber Security Centre (NCSC), which developed the Cyber Essentials Scheme, says, “Many small business owners assume their business is too small to be on cyber criminals’ radar, but in reality, we know most attackers don’t care about size, reputation or logos – they are looking for opportunity and weaknesses.”

This means that businesses of all sizes must act now to mitigate the risk of cyber attacks. This includes resisting the urge to shelve plans to deploy new technology because of fears around risk. It’s vital that business owners find training solutions that will allow them to innovate safely and confidently while also remaining constantly alert to cybersecurity threats.