cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

UK SMEs ‘oblivious’ to cyber security threats, report reveals

Small and medium-sized enterprises (SMEs) are the backbone of economies and communities, making up 99.9 per cent of the UK’s business population. However, it’s fair to say this backbone has been under immense, unwavering pressure in the wake of the pandemic and the uncertainty it has given rise to.

user iconReporter
Wed, 05 Jan 2022
UK SMEs ‘oblivious’ to cyber security threats, report reveals
expand image

In spite of this, small businesses have shown remarkable resilience and resourcefulness to navigate this turbulent landscape and even chart a course beyond recovery towards growth. However, in doing so, SMEs have arguably been blinded to another glaring danger that has the potential to undo all of this hard work: cyber attacks.

Such is the extent of this problem, back in 2018, a study by Hiscox revealed how UK SMEs are the target of an estimated 65,000 attempted cyber attacks every day. This has only become more problematic during the pandemic, with cyber attacks growing more frequent and sophisticated by the day. So, how are SMEs coping with this?

According to recent research, they’re not. UK SMEs are largely oblivious to the problem, with small businesses spending almost as much on their Christmas party as they do on cyber security annually. This approach to security has to change if SMEs are to protect their business and avoid financial hardship.


The basis of the research explored below, reveals the first step to action is awareness.

Rightly self-assured or blissfully unaware?

Before diving into the crux of the survey’s findings, it’s positive to see that, right now, UK SMEs are feeling self-assured. Even though the past year and a half has been a trying period, over half (55 per cent) of respondents believe their business is healthy from all points of view, such as financial, compliance, cyber security and customer retention.

One in 10 (11 per cent) leaders even go as far to say there are no threats to their business. But, as established above, this is not the case – and one has to wonder if this self-assuredness is misplaced. Especially when one considers that 35 per cent of UK SMEs believe the pandemic increased their exposure to cyber risk, rising to 58 per cent in London.

More worrying still is that a third (34 per cent) of SMEs that don’t believe a cyber security breach is likely to happen to them. Or at the other end of the spectrum, the 48 per cent that believe they could deal with a cyber attack. Because, while this confidence is encouraging, it seems unfounded given that 24 per cent of SMEs spend nothing on cyber security and a further 25 per cent spend less than £1,000 a year.

SMEs are leaving themselves wide open to threats

The recent research reveals how this lack of security spend is driven by a number of factors. Leading the way, however, is the fact that SMEs simply don’t see the need for cyber security, with 34 per cent stating they don’t invest more because their business is too small. Similarly, 19 per cent also say their data is not a target and that their business isn’t under threat.

Running parallel to this misguided sense of invulnerability is the financial burden of security, with 41 per cent of SMEs – rising to 59 per cent in London – saying investment in cyber security is too big a cost and that they’d prefer to take risks. Perhaps most worrying of all, however, is that this seems to stem from the top, with 35 per cent saying their investors only care about growth and not cyber security.

Overall, this points to a lack of awareness and urgency, with SMEs and investors alike oblivious to the risks – and the potentially crippling financial impact should an attack ever take place. But without the necessary investment, they’re leaving themselves wide open to threats – and it may only be a matter of time before they’re inadvertently subjected to said financial pitfalls.

This is only reinforced by the survey’s findings that 29 per cent don’t have a cyber security strategy in place, with almost a third (32 per cent) also not having an emergency response plan in the event of a cyber attack. Similarly, 31 per cent also lack access to cyber security experts – with all roads leading to the likelihood that, should the worst happen, SMEs will almost certainly be impacted significantly.

Greater awareness and action are needed towards cyber security

Ultimately, the research findings show that UK SMEs are not taking cyber security seriously, often through no fault of their own. But with the rise in cyber attacks and widespread remote working, it’s imperative that business leaders become aware of the risks and are able to take the appropriate action to safeguard their business, customers and employees.

Doing so is not only a matter of avoiding attacks or financial implications – it could well be the difference between lost jobs and livelihoods, with a successful cyber attack carrying the potential to put an SME out of business. So, why take a chance? Especially in an age where there’s accessible, affordable, enterprise-grade cyber security designed specifically for SMEs.

[Related:The infamous and most notable cyber attacks of 2021]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.