Cyber attacks on big-name brands might dominate headlines, but small and medium businesses are firmly in the firing line too, according to new research from BT and Be the Business.
Two in five SMEs have not provided any cyber security training to their staff, despite a sharp rise in attacks. In the past 12 months, 42% of small businesses and 67% of medium-sized firms have experienced a breach. Many of these incidents could have been prevented with simple, low-cost tools and training.
Most breaches are avoidable
The research shows that micro and small businesses pay an average of nearly £8,000 to recover from their most serious cyber breach. That figure doesn’t include the long-term impact on operations, customer trust or business continuity.
Phishing remains the most common threat, targeting 85% of businesses, but more advanced attacks are on the rise. Ransomware incidents have more than doubled in a year, and so-called “quishing” scams – where criminals use fake QR codes to steal data – have surged by 1,400% in five years.
New training launched for SMEs
To help businesses respond, BT has launched a new cyber security training programme for SMEs, in partnership with Be the Business. The aim is to provide practical guidance on how to guard against emerging threats, including AI-driven attacks and stolen credential breaches.
The training was unveiled at a small business event in London and includes expert advice on how to spot next-generation risks, even without a dedicated IT team. The focus is on low-cost, high-impact measures that can dramatically reduce a company’s vulnerability.
Cyber security is now business-critical
While many small businesses assume cyber crime is a problem for bigger companies, the evidence suggests otherwise. Criminals often see SMEs as softer targets with weaker defences and little in-house expertise.
Worryingly, a growing number of SMEs say they’re unsure how to respond. BT’s data shows that 46% of business leaders rely on outside experts for advice, while 69% are exploring AI tools to help defend their operations. At the same time, 18% list AI as one of their biggest cyber concerns.
Getting started doesn’t need to be expensive
Fortunately, effective cyber security doesn’t have to mean enterprise-grade software or full-time IT staff. Basic staff training, password hygiene, multi-factor authentication and good backup habits can go a long way.
For sole traders and micro businesses, staying alert to scams, keeping software up to date, and being cautious with links and downloads are all part of the mix. And with free or low-cost training now more widely available, there’s little excuse to stay in the dark.
ByteStart’s cyber security tips for the self-employed
- Use strong, unique passwords for all your online accounts
- Turn on multi-factor authentication wherever possible
- Install security updates for your devices and software without delay
- Back up important data regularly to the cloud or an external drive
- Be wary of links and attachments in unexpected emails or texts
- Don’t scan QR codes from unknown sources
- Use antivirus tools or browser security plugins as an extra layer
- Know who to contact (your bank, hosting provider, or IT support) if you think you’ve been compromised
Find out more
You can read more about BT’s SME cyber training programme and access practical resources via the BT Business website: https://www.bt.com/business/security/sme
Qdos self-employed insurance from £4.58/month
Public liability, employers liability and PI cover • Trusted by thousands.
ByteStart partner for 15 years • Rated 4.9/5 (exceptional) on Feefo.