- 48% of small firms in the UK have experienced a cyber attack in the past 12 months.
- BT urges small businesses to strengthen digital defense amid rising cyber risks and targeted phishing scams.
What happened: BT survey reveals rising cyber threats for SMEs
BT has revealed that nearly half (48%) of small businesses in the UK have been hit by a cyber attack in the past year, based on new data from its cybersecurity research. The telecoms group surveyed over 1,000 decision-makers and found that many of these businesses lacked sufficient cybersecurity protection, despite being aware of growing threats. The attacks most commonly involved phishing, malware and unauthorized access to systems. About 26% of businesses also reported attempted fraud involving customer data.
A key finding in the BT report was that only 16% of small firms felt fully confident in dealing with cyber threats, although more than half said they had seen an increase in attempted attacks compared to the previous year. The report suggests that many companies underestimate their appeal to attackers. BT’s managing director for small and medium enterprises, Chris Sims, said that “cybersecurity is now essential for every business, no matter the size.”
Also read: BT’s CEO Allison Kirkby warns AI may cut more jobs
Also read: BT launches international unit amid sale speculation
Why it’s important
Small businesses form the backbone of the UK economy. There are over 5.5 million small and medium-sized enterprises (SMEs) in the UK, accounting for more than 99% of all businesses, according to data from the Federation of Small Businesses (FSB). Yet many of these firms lack dedicated IT teams or cybersecurity budgets. This makes them more vulnerable to attacks, particularly as cyber criminals increasingly target small firms that store customer or payment data but may not have advanced protection tools.
These attacks can be financially and reputationally damaging. For example, a recent ICO report showed how a small retailer was fined after a ransomware incident exposed sensitive customer information. Moreover, phishing and ransomware attacks are no longer only aimed at large corporations. Remote work, cloud systems and online payment platforms have expanded the attack surface for SMEs, especially in retail, healthcare, legal and education sectors. Many use basic consumer-level antivirus rather than enterprise-grade solutions, putting sensitive records at risk.
BT is calling for wider adoption of managed security services. Sims stressed that “simple steps like staff training and using strong passwords can go a long way.”
