Two in five (39 per cent) SMEs haven’t arranged cybersecurity training for their teams, according to a study by BT in partnership with Be the Business.
That’s despite four in 10 (42 per cent) small businesses having suffered a cyber attack in the last 12 months, increasing to two in three (67 per cent) for medium-sized companies.
The impact can be severe too, costing companies considerable time and money to recover from an attack. Micro and small businesses had to pay £7,960 on average to cope with their most disruptive breach when it resulted in damage, according to a recent Government survey.
The most common attack SMEs face is phishing, with email scams targeting 85 per cent of UK businesses. Damaging ransomware incidents, meanwhile, have more than doubled in the last 12 months, rising from affecting less than one in 200 businesses last year to one in 100 in 2025. A separate report by BT has revealed large businesses which are more proactive with their cyber security are more likely to grow than those who aren’t. It showed that these cyber agile companies have a 20 per cent higher growth rate on average.
In response, BT is strengthening its suite of security products with the launch of dedicated security training, to help SMEs understand the practical steps they can take to protect themselves against cyber attacks and potential breaches.
The training, unveiled today at an event for SMEs held at BT’s London headquarters featuring cyber security experts from BT, will educate small businesses about next-generation threats, including the role of AI and quantum computing. It also highlights the rise of attacks, including account takeovers, where stolen customer credentials are used to breach systems, as well as QR code scams – or quishing attacks – which have surged by 1,400 per cent in the past five years.
Tris Morgan, managing director for security at BT, said, “At BT, our mission is to enable UK businesses to grow and prosper, and we know the challenges SMEs face protecting themselves from growing cyber threats. These often include budget constraints and the lack of a dedicated cyber team, but for SMEs a cyber attack isn't just an inconvenience; it poses an existential threat.
“The good news is that effective cyber security doesn't require corporate-grade resources. With the right training, basic security measures and awareness, SMEs can dramatically reduce their risk profile. The key is recognising that, in today's digital landscape, cyber security is not a luxury but a foundation that enables companies to face forwards confidently, rather than forever looking over their shoulder.”