Do Small Businesses Need Cybersecurity?
Yes. Small businesses are disproportionately targeted by cyber attacks because they typically have weaker defences than large organisations. The UK government's Cyber Security Breaches Survey consistently shows that around 50% of UK businesses experience some form of cyber attack each year.
Direct Answer
Yes. Small businesses are disproportionately targeted by cybercriminals — 43% of UK businesses experienced a breach in 2025 (DSIT). SMEs hold valuable data but invest less in security than enterprises, making them attractive targets. The cost of a managed cybersecurity service (£15–£25/user/month) is far lower than the average breach cost of £3,550.
Why Small Businesses Are Targeted
Attackers target small businesses for several practical reasons.
Weaker Defences
Small businesses often lack dedicated security staff, relying on basic antivirus and hoping for the best. Attackers exploit this gap.
Valuable Data
Small businesses hold customer data, financial records, and intellectual property. This data has value to attackers whether through ransom, fraud, or resale.
Supply Chain Entry
Attackers compromise small businesses to gain access to their larger clients. If you work with enterprise customers, your security is their concern too.
Low Detection Rates
Without monitoring, small businesses may not detect a breach for weeks or months — giving attackers time to extract maximum value.
No Cybersecurity vs Basic vs Managed Security
What different levels of investment actually deliver for a small business.
| Feature | No Security£0/mo | Basic (DIY)£3–£8/user/mo | Managed Security£15–£25/user/moRecommended |
|---|---|---|---|
| Antivirus/antimalware | |||
| Email filtering | Basic | ||
| Endpoint detection (EDR) | |||
| 24/7 monitoring | |||
| Incident response | |||
| Cyber Essentials support | |||
| Staff awareness training |
Pricing indicative for businesses with 10–50 users.
Frequently Asked Questions
Only 14% of UK businesses formally review cyber risks from their immediate suppliers. 35.5% of all global data breaches in 2024 originated from third-party compromises. Supply chain attacks add an average of £241,620 to the total cost of a breach and take 267 days to detect and contain.
MFA requires two or more verification methods to access an account. Microsoft reports that over 99.9% of compromised accounts did not have MFA enabled. Only 40% of UK businesses have two-factor authentication enabled (DSIT 2025). MFA can prevent more than 99.9% of account compromise attempts.
Yes. 50% of small businesses (10-49 employees) reported a cybersecurity breach in 2025. UK small businesses face around 65,000 hack attempts daily, with approximately 4,500 successful breaches. More than a quarter of SMBs say a single cyber attack could put them out of business entirely.
Organisations with Cyber Essentials certification are 92% less likely to make a claim on their cyber insurance. Certification is mandatory for UK government contracts involving sensitive data. Only 3% of UK businesses are currently certified, giving certified businesses a competitive advantage.
The average cost of the most disruptive breach is £3,550 for UK businesses. For businesses that experienced negative outcomes such as data loss or financial theft, the average cost rises to £8,260. Medium and large businesses face average costs of £10,830 per disruptive incident.
Protect Your Small Business
A free security assessment takes 30 minutes and identifies your biggest risks. No obligation, no hard sell.
Related Resources
How Much Does Managed Cybersecurity Cost?
Per-user pricing for managed cybersecurity services for UK SMEs.
Cyber Essentials Certification
The UK government's baseline cybersecurity certification — the essential starting point.
What Is Ransomware?
Understanding ransomware — the most financially damaging cyber threat to UK SMEs.