International Cyber Expo International Cyber Expo
  • About Us
Wednesday, 8 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

SMEs can be the weak link in the cyber-security chain – and we should help them

Sonia Blizzard, managing director at Beaming, explains why the business community is only as strong as its weakest link.

by Beth Smith
October 29, 2020
in Insight
SMEs can be the weak link in the cyber-security  chain – and we should help them
Share on FacebookShare on Twitter

Small businesses are now on the front line in the fight against cyber crime. The vital position many SMEs have in supply chains means cybersecurity professionals should be doing everything to support small business leaders – for the benefit of everyone.

 

The number of UK businesses succumbing to cyber attacks has doubled in the last five years.

 

Around 1.5 million (or a quarter of all UK businesses) fell victim in 2019. This was the top-line finding from our recent ‘5 Years in Cyber Security’ report, a rolling analysis of cyber threats in the UK.

 

And the biggest spike in victim rates was in the small-business community. 28% of 11-50 person firms fell victim in 2015, a proportion that more than doubled to 62% in 2019.

 

The tactics and methods cyber criminals have used over the past five years have changed. We’ve seen a clear rise in phishing and the growing use of automated attacks – allowing hackers to launch increasingly sophisticated attacks with unprecedented scale and frequency on businesses of all sizes. Where cyber crime was once aimed at large companies, small businesses must now act to defend themselves

 

Are we keeping pace with cyber criminals?

 

Many business leaders, particularly at the smaller end of the spectrum, don’t fully recognise the threat. Or they wrongly assume that their broadband router and antivirus systems will be sufficient. Most need to do more to protect themselves.

In January 2020, 69% of micro-businesses and 58% of small companies had only minimal levels of cyber security protection in place. That means they relied on anti-virus software and basic router protection only.

However, there is evidence of change. More than a fifth of small (20%) and medium-sized (24%) businesses now discuss a range of cyber threats at board level, while the proportion of businesses taking additional steps to mitigate cyber risks has increased from 16% in 2015 to 37% last year.

 

But this doesn’t always translate into action. Even the simplest steps, such as having a documented cyber security policy, have been taken only by 9% of the businesses surveyed. Defences – like an intrusion-detection system – have only been adopted by 10%. And only 1 in 10 SMEs have insurance against cyber crime.

 

This could be because SMEs feel they won’t be a target because they are too small to interest the hackers. But most attacks are indiscriminate, driven by algorithms, which scour the internet looking for any vulnerabilities.

 

Criminals are targeting the weakest link

 

The risk of an SME lacking robust cyber security doesn’t stop with that business. Criminals study companies and the networks they interact in to find a weak link in the supply chain. This is why education for SME leaders is so crucial. Larger companies must expand their risk consideration beyond the boundaries of the organisation; they have to ensure suppliers stick to the same security principles they do – taking steps to educate and mitigate the risk if they do not.

 

Rather than simply guarding what’s ours, we need a cyber-security culture that means we all look out for those we do business with too. Just like herd immunity, if enough businesses are well secured, the impact of denial-of-service attacks, viruses and other attacks will be greatly diminished.

 

Where to start?

 

Practical advice shouldn’t always come with a price tag. When advising SME leaders, it’s important to remember their size and inability to take on massive infrastructure projects. Instead, promote steps towards security that are effective and achievable.

 

For example, people are often the route in. This is especially prevalent with the rise of phishing attacks, with near tripling of victim rates in the last five years. By educating employees on how to spot phishing emails, and promoting a culture of openness and admission of fault (before attacks can get out of hand), leaders can address a huge problem on a small budget.

 

This isn’t to say you can cut corners with your security, but spreading awareness of steps like two-factor authentication, password management and physically backing up data will go some way to securing supply chains, with very little effort.

 

The business community is only as strong as its weakest link. Those in the cyber security space can still do more to improve education among SMEs – protecting those firms and the ones they do business with.

 

Sonia Blizzard is managing director of Beaming and a finalist in the Security Serious Unsung Heroes Awards 2020 for ‘Best Awareness Campaign’ 

 

ShareTweet
Previous Post

Home Depot sends customers emails containing strangers data

Next Post

Iranian attackers hack conference attendees’ emails according to Microsoft

Recent News

Mike Winston on Why Jet.AI Shifted From Aviation to AI Infrastructure

Mike Winston on Why Jet.AI Shifted From Aviation to AI Infrastructure

July 7, 2026
George Murnane’s One-Question Test for Real AI

George Murnane’s One-Question Test for Real AI

July 7, 2026
Registration Now Open for International Cyber Expo 2026

Registration Now Open for International Cyber Expo 2026

July 7, 2026
Forescout

Forescout recognised by NATO for cybersecurity capabilities across IT and OT environments

July 7, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol