WPI Strategy has today published a new report, commissioned by Vodafone, Protecting our SMEs: cybersecurity in the new world of work. The report argues that the UK’s economic recovery from Covid-19 is at risk if steps are not taken quickly to ensure that SMEs are sufficiently equipped and protected to withstand a cyberattack.

Cyberattacks were already costing the UK economy £34 billion a year pre Covid-19 but this report finds that almost a third of SMEs (31%), which includes any business with fewer than 250 employees, have seen an increase in attacks since the beginning of the first lockdown in March 2020 – a figure which may well be higher today. With over 75% of UK SMEs now operating remotely the risks are heightened, with prolonged lockdowns and remote working putting systems at risk.

Polling for the report finds:

• Almost a quarter (23%) of small and medium-sized enterprises (SMEs), the equivalent of 1.3 million businesses, would collapse if forced to deal with the cost of an average cyberattack

• Polling shows 16% of SMEs, the equivalent of almost a million, said that the cost of a cyberattack would likely mean having to lay off staff

• Almost a third of SMEs have seen an increase in attacks since the beginning of the first lockdown

Anne Sheehan, Business Director, Vodafone UK said: “Cyberattacks are an existential threat to Britain’s small businesses, yet nearly a third have no cybersecurity strategy in place. This report’s stark findings are a warning that as SMEs do more and more of their business online, it is vital that they take the steps they need to keep themselves safe – and that Government does more to support them to do so. The UK needs successful, resilient small businesses.”

Simon Fell MP, Chair, APPG on Cyber Security said: “This new report from Vodafone shows that businesses often lack awareness of the cybersecurity risks they face, the protection they need to mitigate them, and the resources to withstand them. SME cybersecurity is not a prosaic issue facing a few journeymen trying their hands at a new business during the pandemic, but rather an issue of national economic resilience.”

The report recommends: 

• The next National Cyber Security Strategy should include a section on SME protection, with reference to the increased risk associated with remote working.

• The Government should consider additional funding for the National Cyber Security Centre to expand a dedicated unit for cybersecurity for business.

• SMEs should be incentivised to strengthen their own cybersecurity through direct subsidies. This could be paired with a reduced 5 per cent VAT rate on cybersecurity products.

• The Government should commit an additional 5 per cent to the National Cyber Security Strategy budget to support the delivery of local cybersecurity skills and training.

• Part of the Government’s doubled and rebalanced R&D budget should go towards cybersecurity product development in research centres in the North and Midlands.

Read the report here