Business owners are being urged to strengthen their cyber defences after new figures revealed that half of small businesses suffered a cyber breach or attack in the past year, as the government launched a nationwide campaign to promote its Cyber Essentials scheme.
The initiative will run across social media, podcasts, radio and business networks, targeting busy small and medium-sized enterprises (SMEs) with practical advice to protect themselves from common online threats such as hacking, malware and data breaches.
Cyber incidents can have serious financial consequences, with significant attacks costing businesses an average of £195,000. Overall, cyber crime is estimated to cost UK firms £14.71 billion annually.
The campaign encourages businesses to adopt Cyber Essentials, a government-backed certification developed with the National Cyber Security Centre (NCSC), which outlines five key protection measures: firewalls, secure configuration, software updates, user access control and malware protection.
Cyber security minister Baroness Lloyd warned that smaller firms, including independent retailers, are increasingly in criminals’ sights.
“No business is out of reach from cyber criminals,” she said. “Too many still assume cyber criminals only go after big brands. The reality is criminals look for easy opportunities, and without basic protections in place, any business of any size can become a target.
“I know smaller firms don’t have large IT teams, and that is exactly why Cyber Essentials matters. It provides a straightforward checklist to lock the door on cyber criminals, without needing specialist expertise.”
The government said the scheme is already proving effective, with organisations that have Cyber Essentials in place making 92 per cent fewer insurance claims. Certification can also help businesses secure government contracts and access free cyber insurance, including a 24/7 emergency helpline.
New research published alongside the campaign highlights the scale of the threat, with 82 per cent of medium and large businesses reporting a cyber incident in the past year. Adoption of Cyber Essentials among larger firms has risen from 23 per cent to 30 per cent, but ministers said uptake among SMEs remains lower.
NCSC chief executive Dr Richard Horne said criminals frequently target smaller firms because of weaker protections.
“Many small business owners assume their business is too small to be on cyber criminals’ radar, but in reality, we know most attackers don’t care about size, reputation or logos – they are looking for opportunity and weaknesses,” he said.
“Small businesses do not need to go to the ends of the earth to put baseline cyber security measures in place as the Cyber Essentials scheme can help them take practical steps today.
“I urge all businesses to implement the five key security controls to help protect themselves against the most common, damaging online threats.
To help businesses get started, the campaign is offering free tools including an online readiness assessment, complimentary consultations with accredited cyber advisers and access to certification guidance materials.
The government said improving cyber resilience among SMEs will also help protect supply chains and ensure business continuity, as it prepares wider reforms through its forthcoming Cyber Security and Resilience Bill.