In this article, we’ll cover:
- The shift in cyber awareness among SMEs.
- What threats smaller businesses are now facing.
- The tools available for SMEs to improve their security posture.
- What SMEs need to be aware of going forward.
36% of businesses now rank cyber security as their most significant risk. The increased sophistication of attacks, and the damage they cause, isn’t reserved for larger enterprises, however. Right now, SMEs are becoming prime targets for these external threat actors.
For these smaller businesses, the average cost of recovery stands at £7960. While larger businesses can absorb these costs and implement more stringent measures, SMEs don’t always have that luxury. One costly attack can bring everything down.
Gamma’s Head of Security Practice Tom Chedham sat down with James Bustin, MD of Associated Telecom, to discuss their journey with cyber security. With growing customer awareness around cyber security, SMEs need readily available tools to protect and prepare their business. Gamma’s partner community are perfectly capable of supplying them.
‘People just had this idea that it won’t happen to us’
Associated Telecom specialise in providing services to UK SMEs. James mentions how, among their customer base, there’s been a shift in their opinions around cyber security. The conversation a year ago was always ‘they’re after the big companies’, but a string of attacks in the news has got them thinking twice.
The cyber attack against M&S dropped H1 profits in 2025, compared to the previous year, by 99%. Such a high-scale, damaging attack made people ‘sit up and notice’, especially when considering their considerable IT resources. SMEs certainly took notice and no longer need to be persuaded about how integral cyber security can be.
Both Tom and James expressed surprised on how the attack on M&S spurred a greater reaction compared to the WannaCry ransomeware attack on the NHS in 2017. The closure of KNP stemmed from one employee password, and only compounded SME fears over cyber security. Hackers stealing pictures, names and addresses of children from the Kido nursey chain acts as an emotional trigger that encourages SMEs to shore up their defences.
Large enterprises are always seen as the main target for cyber criminals, but every organisation is a target.
‘They’re no longer the ‘Prince of Ghana’ scams’
SMEs don’t have the same budgets as enterprises. Lacking resources is a challenge, but it’s an educational gap that can really cost a business. Phishing emails, poor password practice, and minimal staff training around cyber security can all take their toll.
Highly convincing phishing emails, which appear to come from a senior figure, are a common tactic. Attackers can gain control of an entire address book and cause reputational damage as a mass of emails are sent out. Familiarity and authority are just two ways for these attackers to exploit an organisation’s weakness.
The mindset shift among SMEs around cyber security is being accompanied by a shift towards sophisticated impersonation. No longer is the ‘Prince of Ghana’ making an appearance in someone’s inbox on a Monday morning.
For James, more needs to be done around staff education. The assumption that employees will pick up knowledge as they go along can be damaging. After all, attackers are happy to exploit the ‘my boss wants me to do this’ angle with great reward.
A lack of onboarding policies, open Wi-Fi, and unprotected devices are just a handful of challenges SMEs need to deal with. Cyber security buzzwords all appear as jargon, and the longer they go without appropriate knowledge, the greater the risk becomes.
‘It’s about helping customers dip their toe in the water’
SMEs need cyber solutions that meet them where they are. These services must be simple, affordable, digestible, and delivered in incremental steps. It’s why SafeWeb suits SME needs – it’s enterprise-grade security for smaller businesses.
James speaks of Associated Telecom and their own SafeWeb journey. Customers lacked dedicated IT teams, creating a viable opportunity to provide a cyber security solution built for the market. At a time when businesses are in a ‘race to the bottom’, the ability to provide services with real added value helps Associated Telecom stand out.
Once customers understand the scale of the cyber security challenge, that’s when the value is revealed. When they see the reports around information leaked on the dark web, it’s a powerful message. Better still, as SafeWeb is built for SMEs, it’s ‘designed to fit [their] wallets’ as well.
SafeWeb has never been a ‘hard sell.’
‘The clock is ticking’
Speaking on behalf of customers, James sees cyber security ‘becoming more and more paramount.’ As attacks become more sophisticated and harder to detect, education and knowledge will make a real difference. At the same time, technological innovations will also play a part.
AI, as Tom rightly says, ‘is everywhere now.’ It can be deployed on both sides of the cyber security equation, and customers need to understand the nuances around it. If they’re taken through the cyber security step by step, they’ll be able to appreciate how AI enables smarter training, reporting, and 24/7 monitoring.
There’s also a growing interest in Cyber Essentials, which marks a change from 12 months ago. Now that it’s the forefront of people’s minds, James encourages customers to think about it now rather than 12 months down the line. If they do, they’ll ‘[miss] the boat’ and lose cyber security credibility compared to their competitors.
If Cyber Essentials becomes a mandatory component of the supply chain, expect a wave of businesses try and meet those regulatory standards. Much like the GDPR scramble, it’ll be a race against time to stay compliant.
‘We all need to protect ourselves’
SMEs are waking up to the fact that their businesses are at greater risk compared to larger enterprises. While not lucrative targets, they’re by far the easiest. Burglars always go after the house without an alarm and will set their sights on a Ford Focus over a Ferrari for the ease.
Attackers can launch thousands of attacks but only need to succeed once. It’s a pivotal time for UK SMEs, which makes adopting a solution like SafeWeb even more important. When effective security meets simplicity, SMEs have the perfect solution for their needs.
No business is too small to be a victim. It could be now, a month, or even two years, but there’s an inevitability around it all. James is right; ‘we all need to protect ourselves.’
