The UK’s cyber blindspot lies with its SMBs
Small and medium sized businesses (SMBs) in the UK are facing an escalating cyber security crisis, experts have warned.
According to Hugues Foulon, chief executive of Orange Cyberdefense, cyber attacks on SMBs have surged by 53 per cent, yet only 21 per cent of SMB chief executives are aware of their cyber risks.
This alarming statistic highlights a significant vulnerability within the UK’s business landscape.
“SMBs are under siege”, Foulon told CityAM. “Cyber attacks are up, and CEOs aren’t aware. This lack of awareness is a critical vulnerability”.
The financial toll of an evolving landscape
The financial implications of cyber attacks on UK businesses are staggering, with attacks costing UK businesses £44bn over the past five years.
Within that, SMBs have been hit the hardest. For these firms, the average cost of a cyber attack is far higher – at approximately £3,398, rising to £5,001 for those with 50 or more employees.
Yet, smaller firms continue to under-invest in cyber security, with over a third (38 per cent) of these businesses investing less than £100 annually in cyber security, and over half of their employees having never received any cyber training.
Meanwhile, the threat landscape is not only growing, but also evolving, with emerging threats developing in connected industries like the automotive sector, where connected and autonomous cars becoming new targets.
The UK’s National Cyber Security Centre (NCSC) has reported a significant increase in severe cyber attacks over the past year, warning of a widening gap in the nation’s ability to combat such threats.
Foulon said: “Every connected device is a potential cyber target – from phones, to cars, to planes.”
AI in cyber: a double edged sword
Artificial intelligence is playing an increasingly potent role in cybersecurity, but while it can enhance threat detection and response, it also lowers the barrier for cyber criminals to launch sophisticated attacks.
Microsoft’s latest cyber signals report highlights a rise in AI-assistant scams, with over $4bn in fraud attempts thwarted in the past year alone.
Joe Whelan, head of IT security at Capital on Tap, said: “These powerful tools can add a transformative edge to our defensive arsenal, providing enhanced threat detection, predictive analysis, and automated responses.”
“However, whilst we’re standing on the brink of this AI-driven future, it’s crucial to remember that robust cyber security posture isn’t built on cutting edge tech alone. The foundation of any effective cyber security strategy is rooted in the basics.”
The same technology that fortifies defences, can equally be exploited by cyber criminals.
Akash Shrivastava, senior vice president at Inspira Enterprise, warned: “AI not only empowers cyber criminals – enabling even those with limited technical expertise to execute highly sophisticated attacks – but it also exposes the inadequacies of traditional security frameworks.”
Resilience beyond technology
Cyber resilience extends beyond tech solutions. Organisations must anticipate, withstand, recover from, and adapt to adverse conditions and attacks.
Robin Jones, head of technology, resilience and cyber at the UK’s Financial Conduct Authority (FCA), highlighted: “Resilience is key. Build effective cyber capability, implement effective accountability, and be prepared and able to enter recovery at any time”.
That was echoed by cyber security expert Stephane Nappo: “Cyber resilience is much more than a matter of technology. Agility, balance and high level view are indispensable”.
For SMBs, building these guards involves employee training, and the development and testing of response plans to ensure quick recovery time.
Continuous monitoring and collaboration with industry peers and experts were also advised by Orange Cyberdefense to enhance cyber resilience, ensuring the protection of their assets and the continuity of their operations.