How small businesses can protect themselves against rising cybercrime


A recent cybersecurity report has revealed that certain SMEs (Small and Medium Enterprises) are still not prioritising cybersecurity measures, despite cyberattacks being at an all-time high. Whilst ransomware attacks have more than doubled (risen by 112 per cent) since last year, the Q2 Cyber Security Breaches Survey 2023 found that only 68 per cent of micro businesses consider cybersecurity as a high priority, compared to 80 per cent in 2022.

This trend of underspending is reflected nationally. Despite the UK suffering the most cyberattacks in Europe in the last year, accounting for 43 per cent of all attacks and costing the small business community an estimated £4.5 billion a year, UK security budgets have remained flat since 2021. Only 11.3 per cent of the average IT budget is spent on security, ranking the country 13th globally. 

So why aren’t businesses prioritising cybersecurity?

There are several factors behind this shift. One driving force has been the soaring salaries of cybersecurity talent, which have priced many smaller businesses out of the market. The salaries of cybersecurity specialists increased by as much as 50 per cent in the wake of the pandemic, as many businesses took on talent to shore up their working-from-home practices.

Since then, however, we’ve seen the demand for this talent level off – likely a ramification of the threat of recession reducing spending, particularly in smaller organisations where budgets are already stretched. Therefore, many are choosing not to hire the staff that they need to protect their business.

Despite rising awareness, it is also clear that some in the business community do not take the threat seriously until after an attack. SMEs are suffering close to 10,000 cyber-attacks per day, but there is often still an attitude of acting reactively rather than proactively. Many SMEs are simply not doing enough when it comes to cybersecurity, from the tooling in place to the attitude of employees around security risks. Research has shown that 43 per cent of cyberattacks are aimed at SMEs but only 14 per cent are prepared to defend themselves.

Why are SMEs particularly at risk?

Certain types of cybercrime are more effective on smaller businesses. For example, with ransomware, SMEs are more likely to pay the ransoms because it will often be a nominal fee. Therefore, they believe that it will be cheaper to pay to reclaim their property/data than to hire someone to prevent it being taken in the first place.

There is also a lot of uncertainty surrounding the correct procedure for dealing with ransomware, with no real legislation or set advice to follow. As a result, many have a very ‘immature’ cybersecurity setup.

So, what can SMEs do to protect themselves?

Make security the responsibility of the whole team.

The most important step that businesses can take is to focus on building a security culture by increasing awareness across the entire team. A large proportion of attacks happen due to human error or weaknesses in processes. Therefore, simply training employees to become more aware of security attacks, improving their online safety knowledge and flagging the types of scenarios to which staff could fall victim is an effective way to reduce the number of successful cyberattacks, especially phishing attacks.

This approach ensures staff are aware of current practices around data infringement. By keeping security as a priority in the eyes of employees and having the right measures in place, internet behaviour can quickly improve.

Implement simple deterrents.

Smaller businesses need to move away from the idea that security measures are always complex, expensive and far-reaching when, in reality, they don’t need to be. Simple changes in employee behaviour and implementing a few key best practices to improve digital security can keep the most common forms of cyberattack at bay. These could include:

  • An Email Security Gateway – this can provide initial protection and acts to block suspicious mail from reaching employees. This protects the business from spam, viruses, malware and ransomware attacks. 
  • Putting strong endpoint protection in place – this technology protects endpoint devices from malware and ransomware attacks. This will protect computers, laptops, smartphones, tablets and all other devices that obtain data.
  • Implementing secure passwords and regular password changes – smaller businesses can make this task easier using Business Password Management technologies. These technologies allow users/employees to generate and store different passwords for multiple accounts in one encrypted vault, reducing the need for users to remember their passwords and also lessening the chance of employees having the same password for everything. 
  • Multi-factor authentication – this is software that helps businesses improve their security by getting each user to verify their identity before they can access certain data and information. Essentially, it distinguishes authorised from unauthorised access.

If you need support in finding high-quality cybersecurity talent, our expert consultants have unparalleled knowledge of the market, including understanding business need and candidate expectations.

And, with over 30 years’ worth of experience and expertise in IT Network and Security, we can be confident in knowing that we can help you in achieving your career ambitions. Get in touch with our team today.