Why cyber security is the biggest threat to SMBs in 2025
Small and medium-sized businesses (SMBs) are increasingly targeted by cyber attacks, especially those orchestrated through automation and AI. Once seen as low-value, SMBs are now viewed as soft targets by attackers who know that even basic security flaws can unlock devastating access. The results? Disruption, data loss, increased costs and, in some cases, business failure.
In this blog, our Cyber & Information Security Manager, James Scott, covers the current threat landscape, the common elements of a number of recent attacks, how to best protect yourself as an SMB and how we can help in the process.
The current security landscape
Phishing is by far the largest type of attack we see across our customer base, and this is mirrored in the UK government’s latest Cyber security breaches survey 2025, where a reported 85% of businesses experienced one.
The same survey also found that the estimated percentage of all businesses who experienced a ransomware crime in the last 12 months increased from less than 0.5% in 2024 to 1% in 2025, which equates to an estimated 19,000 businesses in 2025.
Plus, research from Vodafone Business earlier this year found that nearly one-third of SMBs have no cybersecurity protections in place at all, and almost four-in-ten invest less than £100 a year in security; at the same time, other reports indicate that 60% of small companies who experience a data breach go out of business within six months. And it’s not just small companies; the UK’s largest privately-owned logistics group, KNP, fell victim to a ransomware attack in 2023 and subsequently entered administration.
The security paradox? The cybersecurity threat level is rising, yet many small and medium-sized businesses continue to believe they won’t be targeted. Across the industry, it’s widely acknowledged that most organisations lack a sufficient security posture or a robust cyber resilience plan to respond to the rapidly evolving threat environment.
SMB case study: Peter Green Chilled
Peter Green Chilled is a firm based near Shepton Mallet in Somerset that transports chilled food, mainly to regional stores including supermarkets such as Tesco, Sainsbury’s, and Aldi.
In May 2025, they confirmed they’d been the victim of a ransomware attack. Whilst its transport operations weren’t affected, they suspended order processing as an interim response; however, the short shelf life of the products that the company handles increased the pressure to pay the ransom. Although it’s not known whether Peter Green paid the ransom, six-in-ten organisations do.
Why are SMBs at risk of a cyber attack?
- A common but incorrect assumption is that SMBs are too small to be worth an attacker’s time. In reality, their information and intellectual property are of value when re-sold.
- They are also unlikely to have dedicated security staff, and their execs are unlikely to have the time to spend on it themselves.
- SMBs are more likely to have lower security budgets – putting them off investing if they’ve not been a victim before (which always changes once they have been attacked! Read how A1 Pharmaceuticals reached out to us after they’d been hacked.)
- SMBs can also unknowingly expose their environments via excessive third-party or partner access.
How we can help: practical, affordable security
Effective security begins with strong foundations and the right tools, working together to prevent attacks before they can take hold.
Here’s our approach – a layered roadmap to resilience:
Secure foundations
Get the basics right. Simple controls are often the most effective (which is why schemes like Cyber Essentials – discussed later – are so important).
Many basic security controls can help keep identities secure. Enforcing strong passwords, locking accounts after repeated failed attempts, separating administrator accounts from user accounts, ensuring platform access is only given to users who require it, and protecting all devices with robust anti-virus and anti-ransomware tools – all contribute to reducing the attack surface.
Robust cyber hygiene principles: prevention
We believe all businesses should adopt strong cyber hygiene practices as a core defence strategy.
This includes:
- Regular and continuous patching of both hardware and software
- Removing end-of-life platforms before their protection expires
- Enforcing multi-factor authentication (MFA) for all users on all platforms
- Vulnerability scanning and proactive remediation
- Structured onboarding and offboarding processes
- Regular reviews of data flows to identify where information is processed
- Network segmentation to limit the potential for lateral movement
- Reliable backups, including immutable options to defend against ransomware and other threats
- Securing remote access for hybrid and mobile workforces
- Continuous penetration testing to validate defences
By implementing these controls, a business will both reduce the likelihood of a breach and limit its potential impact.
Embrace security tools – Detection & Response
Arming your business with the right tools is essential to detecting and responding to emerging threats, with solutions such as ITDR, EDR / MDR, and SIEM / SOAR providing these capabilities.
So, what do they do?
- ITDR focuses on protecting digital identities (users, admins, and service accounts) from compromise by detecting suspicious behaviour, privilege misuse, and credential-based attacks.
- EDR monitors endpoint activity (laptops, servers, devices) for threats, providing deep visibility and automated response. MDR adds 24/7 expert-led monitoring and threat hunting.
- SIEM centralises logs from across the environment to analyse patterns and detect threats. SOAR adds automation, playbooks, and streamlined response workflows.
Once deployed across your estate and properly configured, these solutions can identify and remediate many attacks before they have a chance to succeed.
Training and awareness
Ensure all staff are prepared to deal with the risks they face on the front line.
Regular training modules (sent to all staff – no matter the seniority!) focused on emerging and current threats will put them in the best possible position to deal with potentially risky cyber situations.
Dark web monitoring can also be valuable at the organisational level, as it gives an insight into scenarios where sensitive credentials may have fallen into the wrong hands. This would then prompt remediation steps such as changing passwords, reviewing identity logs and searching for traces of unnoticed information stealer malware.
Standards and compliance
Whilst being compliant doesn’t always equal being secure, there are several recognised security standards that organisations can adopt to strengthen their security posture. Within the information security space, the following frameworks are particularly relevant.
Cyber Essentials, a scheme developed by the UK Government’s National Cyber Security Centre (NCSC), was designed to provide small businesses with a baseline set of security controls that significantly reduce risk exposure.
According to the NCSC:
- Compliant companies made 92% fewer insurance claims
- 88% of companies believe it has improved their understanding of cyber security risks
- 89% would recommend certifying
- 69% believe they have become more competitive in their respective markets
Following this, companies interested in compliance with information security best practices and principles may choose to pursue Cyber Essentials Plus and ISO 27001.
For organisations seeking to go further, Cyber Essentials Plus adds an assessor-verified audit, providing external validation of the controls implemented.
ISO 27001 represents a more comprehensive approach, requiring a top-down review of organisational information security and addressing controls across organisational, people, physical, and technological domains.
Compliance with recognised security standards is increasingly becoming a prerequisite for commercial contracts (both public and private sector) and for obtaining cyber insurance coverage.
We maintain certification across all three standards, each of which provides demonstrable value to our business and our customers.
Managed services
For businesses that lack the time, expertise, or desire to manage IT services in-house, managed services offer a reliable way to access professional support and security expertise, without the overhead.
How we can help
We provide a range of managed security services designed to protect your business around the clock:
- 24/7 managed antivirus, MDR and ITDR solutions
  Continuous monitoring and response to threats, ensuring your endpoints are always protected.
- Security vulnerability assessments and configuration reviews
  Identify vulnerabilities and misconfigurations before they become risks.
- Cloud posture assessments and hardening
  Strengthen your cloud environments with best-practice configurations and proactive security measures.
- Managed backup solutions
  Reliable, monitored backups for both on-premise and cloud environments.
- Immutable backups
  Protect your data from ransomware and accidental deletion with tamper-proof backup solutions.
Conclusion
Recent security breaches at large household names have highlighted the importance of learning the lessons of others, and protecting ourselves against similar threats.
This shift reflects a growing reality: threat actors go where defences are weakest. Too often, that’s in mid-sized organisations who have traditionally flown under the radar.
SMBs face increasing risk, but the solution is clear: adopt a layered, zero‑trust model – secure external access, patch continuously, monitor effectively and validate your hygiene by maintaining recognised security standards.
These targeted, cost-effective measures build resilience without breaking the bank – and may just save your business.
Not sure where to start? Or feel confident about your security posture but want a second pair of eyes? Contact our team to talk to our experts.