When it comes to cybercrime in the UK, the 2021 statistics speak for themselves:

  • 11.3% of UK IT budgets are spent on security, ranking us below the United States, China, Brazil, Turkey, Colombia, South Africa and others.
  • Last year, ransomware attacks affected 73% of UK organizations, a 15% increase on the previous year.
  • Although 43% of ransomware attacks were stopped before the data encryption stage, for the successful attacks, 13% of UK companies ended up paying the ransom – well below the global average of 26%.
  • The average cost of each attack was approximately £1 million, a decrease from the £1.8 million reported by Sophos in 2020.
  • IBM Cost of a Data Breach Report 2021 states that the average cost of a breach for UK firms was $4.7 million last year, more than the global average of $4.2 million.
  • The NFIB Fraud and Cyber Crime Dashboard confirms that fraud and cybercrime cost the country £3.1 billion from April 2021 to April 2022 based on 427,00 reported incidents.

The impact of ransomware and data breaches is devastating. From a global perspective, 90% of companies have said that a ransomware attack severely affected their operational ability. 86% reported a loss of revenue and customers as a result of an attack. Last week, we asked the question – with daunting facts like these, are UK businesses, especially SMEs, taking cybersecurity and cyber hygiene seriously?


We all know the expression ‘talks the talk but doesn’t walk the walk.’ Some say that it could apply to how SMEs approach their cybersecurity. Of SMEs surveyed for The State of UK SME Cybersecurity Report, 32% of respondents said that they didn’t have a security programme. Almost a quarter – or 24% – had never conducted a security audit. 25% of UK SMEs spend less than £1,000 a year on cybersecurity. 51% of UK SMEs have stated that their investors would prefer them to take risks and focus on growth but not invest in cybersecurity. A survey by Global Data published in June revealed that only 21% of UK micro-businesses had cyber insurance, compared to 40.1% of small businesses and 54.3% of medium businesses.


So why are these SMEs such risky businesses? Some think that they will never be a target of a cyberattack and others say that their operation is too small to be preyed upon. But other factors come into play. Many SMEs don’t have the financial and human resources to maintain adequate cybersecurity and cyber hygiene. Some find cybersecurity inaccessible and too complicated. The coronavirus pandemic and its buddy, remote working, have also increased the risk of exposure to cyberattacks. Oliver Pinson-Roxburgh, CEO at, succinctly captured the current cyber mood of UK SMEs and said:

“British SMEs are not taking cybersecurity seriously, often through no fault of their own. The pandemic has led to a massive increase in remote working, with many small businesses operating a distributed workforce for the first time. In this time of heightened threats and remote work, a low-security budget and lack of cyber skills can seriously impact the competitiveness of SMEs. A successful cyberattack has the potential to put an SME out of business, resulting in lost jobs and livelihoods.”


SMEs need not despair, though. It is possible to walk the walk, even starting with baby steps. The UK National Cyber Security Centre (NCSC) has published, and regularly updates, a Small Business Guide: Cyber Security. SMEs are given advice on backing up data, protection from malware and ransomware, keeping smartphones safe, password management and how to avoid phishing attacks. The NCSC also offers a personalised Cyber Action Plan for sole traders and micro businesses. And when you are ready for your next steps, there’s Cyber Essentials.


One of your best defences against cybercrime is to deploy the NCSC’s Cyber Essentials Scheme. The game plan has two offerings:

  • Cyber Essentials – a self-assessment option that will protect you against a wide variety of the most common cyberattacks.
  • Cyber Essentials Plus – the same as the basic offering but also includes a hands-on technical verification.

Cyber Essentials key controls include access control, malware protection, secure configuration/network management, firewalls, updating software, and patching. You can get certified through the IASME consortium and the NCSC also provides a Cyber Essentials readiness toolkit so you can create a personal action plan for your cybersecurity.


The benefits of being Cyber Essentials compliant are wide-ranging and many but here is a handful:

  • Good knowledge of your level of cyber hygiene
  • Protected against 80% of cyberattacks
  • Reduced cyber insurance premiums
  • GDPR compliance
  • Eligible for government tenders
  • Trust established with your supply chain


With 15+ years of experience in the field of professional IT support, I am committed to providing individuals and SMEs with the best cybersecurity protection available. As a specialist in risk mitigation, I am an advocate of the NCSC’s Cyber Essentials scheme. Contact me today and let’s get you cyber compliant.


On Wednesday, 26 October, the Head of Zhero’s R&D division, Professor Muttukrishnan Rajarajan (Raj) and Jamie Chamberlain will host an informal Q&A on Cyber Essentials and why the scheme is essential for your business. The event starts at 10 am and will run for about 30 minutes. Don’t delay – book your place today.
