SMEs: Common Cybersecurity Mistakes


The Threat

The value of SMEs in our society cannot be overstated. In the UK, 16.4 million people are employed by SMEs*, which is equivalent to 61% of the national workforce*. Amid rapid technological innovation, these organisations face new technological challenges. Cyberattacks are becoming ever more prevalent and are a growing issue that is impossible to ignore. SMEs are particularly susceptible to this danger due to their often-limited resources and lack of security expertise.

  • An estimated 10,000 SME-targeted cyberattacks occur daily in the UK*.
  • Data suggests half of all SMEs suffered a cyberattack in 2022.
  • Huge financial losses are common.
  • Irrecoverable reputational damage is common.

Hidden Vulnerabilities

Vulnerabilities can go unnoticed in software and systems indefinitely, effectively leaving the back door of an SME’s operations wide open.

The WannaCry ransomware outbreak, which devastated businesses globally, relied on a preventable vulnerability called EternalBlue. The ransomware encrypted users’ files remotely and demanded a payment in return for their recovery. Had the affected businesses undertaken regular vulnerability scanning, 200,000 systems would not have been compromised.

Lack of Employee Awareness

84% of cyberattacks rely on social engineering*. Individual employees are targeted regularly through attacks such as phishing, and in falling for them they enable criminals.

SME Employee risks:

  • Employees are unlikely to be trained to a high standard on the threat of cyberattacks.
  • Employees often fall victim to malicious, targeted exploitation.
  • Breaches enabled by employees will often go undetected until it is too late.

Training employees on cybersecurity is important, but carrying out behavioural testing to ensure that the training is embedded is more important. This should sit alongside adequate breach protection, so that damage can be minimised if an employee does fall victim to an attack.

Implementing clear security functions also aids the creation of a workplace culture that fosters cybersecurity measures. This can increase employee awareness of the threat, reducing the success rates of social engineering attacks.

Inadequate Cybersecurity Personnel

It is crucial that SMEs hire knowledgeable individuals who understand how to find and address vulnerabilities. Without them, organisations are forced to implement systems that they do not understand, which is time-consuming and will always lead to missed vulnerabilities.

However, for many organisations, hiring a full-time specialist is not a cost-effective strategy as it can cost a business an average of £55,000 per year.

In this case, outsourcing to professionals with the relevant experience is a more cost-effective solution that allows for broad, comprehensive implementation of cybersecurity measures.





*GOV.UK Business Population National Statistics (2022)

**The Federation of Small Businesses (2019)

***The European Union Agency for Cybersecurity (2021)
