Authorities wages cyber marketing campaign as half the UK’s SMEs are breached
The federal government is urging companies, particularly small and medium-sized enterprises (SMEs), to “lock the door” to fend off cyber attackers.
Its marketing campaign is being launched on the again of presidency analysis that exposed cyber threats value UK companies £14.7bn a 12 months, with half of small corporations experiencing one previously 12 months. And whereas massive corporations are taking motion, the federal government desires smaller ones to bolster their defences.
The marketing campaign will exhort SMEs to have interaction with the federal government’s Cyber Necessities scheme, which is claimed to spell out clear, sensible steps to foil cyber assaults. This contains maintaining software program updated and controlling who has entry to accounts and knowledge.
Alongside the marketing campaign, however with much less of an SME focus, the Division for Science, Innovation and Know-how (DSIT) is publishing its Cyber safety longitudinal survey, which reveals 82% of medium and huge companies suffered a cyber incident previously 12 months, as did 77% of charities.
The survey first befell in 2021. The report printed right this moment, 16 February 2026, covers findings from the fifth wave of examine. The survey was carried out between June and August 2025 and interviews have been performed between September and October 2025.
The interviews explored cyber incidents, uptake of presidency merchandise, cyber safety insurance policies, cyber safety processes, cyber safety budgets and understanding cyber safety behaviour change, in response to the report’s govt abstract.
Different authorities analysis, additionally being cited in help of the “lock the door” marketing campaign, reveals that incidents value a median of £195,000; and, in response to the Cyber safety breaches survey 2025, that half of all small companies suffered a cyber breach or assault within the year-long interval as much as mid-2025.
The Cyber safety longitudinal survey signifies that the proportion of organisations reporting adherence to the Cyber Necessities programme rose considerably previously 12 months, for each companies (30% vs 23%) and charities (28% vs 19%). DSIT has additionally acknowledged that 92% fewer insurance coverage claims have been made final 12 months by organisations with Cyber Necessities in place.
Nonetheless, the brand new survey reveals that provide chain administration stays a weak spot amongst each charities and companies.
Lower than a 3rd of organisations acknowledged they carried out formal evaluation of suppliers previously 12 months (28% of companies and 26% of charities). Organisations additionally “usually lacked consciousness about cyber safety incidents of their provide chains, acknowledging they doubtless occur with out their data”.
Liz Lloyd, Parliamentary under-secretary of state at DSIT and the Division for Enterprise and Commerce, and member of the Home of Lords, mentioned: “No enterprise is out of attain from cyber criminals. SMEs play a significant function in our economic system, and enterprise homeowners work extremely exhausting to construct one thing worthwhile, however too many nonetheless assume cyber criminals solely go after huge manufacturers. The truth is criminals search for simple alternatives, and with out primary protections in place, any enterprise of any dimension can develop into a goal.
“I do know smaller corporations don’t have massive IT groups, and that’s precisely why Cyber Necessities issues. It supplies a simple guidelines to lock the door on cyber criminals, without having specialist experience. Cyber threat is enterprise threat, identical to hearth or theft, and the protections are simply as important”.
Developed by the Nationwide Cyber Safety Centre (NCSC) and DSIT, Cyber Necessities focuses on firewalls, safe configuration, software program updates, person entry management and malware safety.
Richard Horne, chief govt of the NCSC, mentioned: “Many small enterprise homeowners assume their enterprise is simply too small to be on cyber criminals’ radar, however in actuality, we all know most attackers don’t care about dimension, popularity or logos – they’re in search of alternative and weaknesses.
“Small companies don’t have to go to the ends of the earth to place baseline cyber safety measures in place, because the Cyber Necessities scheme may help them take sensible steps right this moment. I urge all companies to implement the 5 key safety controls to assist shield themselves in opposition to the commonest, damaging on-line threats.”
