What is business email compromise (BEC)?

BEC is a type of fraud where attackers impersonate executives or suppliers to trick employees into transferring funds or sharing sensitive data. BEC attacks increased 33% in 2025. The average loss per BEC incident is $137,000. Even organisations with fewer than 1,000 employees face a 70% weekly probability of a BEC attempt.

What are the biggest cybersecurity threats for UK SMEs in 2026?

The top threats are phishing (85% of breaches), ransomware (doubled year-on-year), business email compromise (increased 33% in 2025), and supply chain attacks (35.5% of all breaches now originate from third parties). AI-powered attacks are accelerating all of these threat categories.

How common are cyber attacks on UK businesses?

43% of UK businesses experienced a cybersecurity breach or attack in the past 12 months, according to the DSIT Cyber Security Breaches Survey 2025. For medium-sized businesses, this figure rises to 67%. Phishing remains the most common attack type, affecting 85% of businesses that reported a breach.

What is multi-factor authentication and why do we need it?

MFA requires two or more verification methods to access an account. Microsoft reports that over 99.9% of compromised accounts did not have MFA enabled. Only 40% of UK businesses have two-factor authentication enabled (DSIT 2025). MFA can prevent more than 99.9% of account compromise attempts.

How much does a cyber breach cost a UK business?

The average cost of the most disruptive breach is £3,550 for UK businesses. For businesses that experienced negative outcomes such as data loss or financial theft, the average cost rises to £8,260. Medium and large businesses face average costs of £10,830 per disruptive incident.

AEO Answer

What Is Dark Web Monitoring and Does My Business Need It?

A clear, direct answer to this question — written for UK business owners and IT decision-makers.

Last updated: March 2026

Direct Answer

Dark web monitoring continuously scans dark web forums, marketplaces, and data dumps for your business email addresses, credentials, and sensitive data. When stolen credentials appear for sale, you are alerted before attackers use them. Most businesses discover compromised credentials only after an account has been breached. AMVIA includes dark web monitoring as part of its managed cybersecurity service, with automated alerts for any matching credentials.

Key Points

What you need to know.

The Short Answer

A concise overview of what you need to know.

For UK Businesses

How this applies specifically in the UK context.

Cost Considerations

What to expect in terms of investment and ongoing costs.

Next Steps

What you should do with this information.

Quick Comparison

Feature	Option A	Option B

Frequently Asked Questions

Need More Detail?

Speak to an AMVIA expert for advice tailored to your business.

Free Cybersecurity Health Check