69% of SMEs lack cybersecurity policy

03 January 2025

New research from Markel Direct shows that 69% of UK small and medium enterprises (SMEs) lack a cybersecurity policy.

The research identified a significant lack of basic cybersecurity measures and hygiene in place across these companies. This included 43% admitting that their employees are not trained on best practices and potential threats, while just 35% encourage their employees to update passwords. Additionally, only 52% of SMEs use multi-factor authentication (MFA).

72% of SMEs said they have antivirus/anti-malware software in place, 49% have email filtering for spam and phishing emails, 47% have a firewall and 46% have secure Wi-Fi networks. Under half of surveyed companies conduct regular data backups (46%) and have data encryption (44%). More than two-thirds (69%) regularly update system software. The survey of 500 SMEs also found that half (49%) would not know what to do in the event of a cyber-attack. 53% do not have cyber insurance in place in case of a breach.

When asked how they secure company data when accessed by employees working from home, 52% of SMEs said they use virtual private network (VPN) access, 48% train their employees on secure remote work practices and 46% have remote access policies and controls in place.

The biggest cybersecurity concern for UK SMEs for the future was the increasing sophistication of cyber threats (62%), fuelled by AI and other emerging technologies. This was followed by securing remote work environments (23%), ransomware and other forms of malware (22%), emerging technologies and their implications (21%), insufficient budget/resources for cybersecurity (19%) and vulnerabilities associated with third-party vendors and suppliers (19%).

“Staying ahead of cyber threats is crucial for small business owners, especially as AI-driven attacks continue to evolve. Having a robust cybersecurity policy in place can help create a framework to safeguard against ongoing threats, whilst cyber insurance can help to protect your business in the event of a targeted attack,” said Rob Rees, Divisional Director of Markel Direct.