Recovery from a serious breach costs micro and small firms an average of £7,960.
A new study by BT and Be the Business reveals that nearly 40 percent of UK small and medium-sized enterprises have not provided cybersecurity training, despite escalating cyber threats.
According to research from BT, last year 42 percent of small businesses and 67 percent of medium ones reported experiencing a cyber incident, with phishing identified as the most common method. Ransomware cases doubled year-over-year, while QR code-related scams, or "quishing," rose by 1,400 percent over five years.
BT estimates that recovery from a serious breach costs micro and small firms an average of £7,960.
Tris Morgan, BT's managing director for security, emphasised that even basic training and tools can significantly reduce risk. To address the gap, BT is launching a security training program tailored for SMEs, focusing on emerging threats like AI-driven attacks and digital fraud.
The report also shows increasing SME interest in AI-based defences and a strong reliance on third-party experts to improve cyber resilience.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
