Small businesses have been urged to strengthen their digital defences after the government warned that cyber-attacks on UK businesses are becoming increasingly “intense, frequent and sophisticated”.
In a joint ministerial letter sent this week to small business owners, the government said half of all small firms had suffered a cyber-attack in the past year, while 35 per cent of micro-businesses reported being targeted by phishing attempts.
Ministers stressed that retailers of every size are at risk, with attacks capable of shutting down trading, compromising customer data and causing lasting financial damage.
Cyber gangs have increasingly targeted UK brands and retailers, including Marks and Spencer, Co-op, Harrods and Jaguar Land Rover.
Earlier this month, Marks and Spencer said the cyberattack that affected its online service in May sent profits sliding in the group's first half. In September, Co-op has reported a £206m revenue hit from a major cyber attack in the first half of 2025.
Liz Lloyd, minister for digital economy, Blair McDougall, minister for small business and economic transformation, and Richard Horne, chief executive of the National Cyber Security Centre (NCSC), urged owners to take “five minutes today” to review their defences.
They highlighted two key tools designed to help small firms build resilience:
- Cyber Action Toolkit – A free, personalised online package from the NCSC that breaks cyber protection into simple steps. It adapts to each business’s level of progress and offers practical actions that can be completed at any pace.
- Cyber Essentials – A government-backed certification scheme that demonstrates a business meets the UK’s minimum recognised cyber-security standard. The scheme includes free cyber insurance, access to a 24/7 emergency helpline and is increasingly required for government contracts. Certified organisations are 92% less likely to make a cyber-insurance claim, the letter noted.
The ministers emphasised that retailers do not need specialist expertise or an in-house IT team to significantly improve protection. “Good cyber security empowers your business to grow confidently, safeguard customer trust, and stay resilient,” they wrote.
Businesses that experience an incident are encouraged to report it to Action Fraud – or Police Scotland via 101 – while Cyber Essentials certified firms can access additional round-the-clock support through the dedicated emergency helpline.
The letter concludes with a call for collective action: “Together, we can build a more resilient business community that is ready to meet the cyber challenges we face.”
For retailers increasingly reliant on digital payments, online ordering and connected systems, the warning underlines the growing importance of cyber-security as a frontline operational priority.