// TALKING POINT //
UK SMES ARE IN THE FIRING LINE FOR CYBERATTACKS
Charlotte Webb, Marketing and Operations Director at Hyve Managed Hosting, discusses the new UK government campaign which encourages more businesses to sign up to its long-running Cyber Essentials scheme.
Half of UK small businesses being targeted in the past year is a stark reminder that cybercriminals do not ‘pick’ victims based on brand size. They look for opportunities, and smaller organisations often have leaner IT resources, making basic gaps easier to exploit.
That is why baseline cybersecurity must be treated as standard business hygiene, not an optional spend. Schemes like the UK government’s Cyber Essentials help because they focus on straightforward controls that close common attack routes, including multi-factor authentication, strong passwords and up-to-date antivirus. For SMEs, such steps are achievable and help stop routine compromises from becoming business-stopping incidents. When fundamentals are in place, the blast radius tends to be smaller, and recovery is faster.
It is encouraging to see the government actively promoting the Cyber Essentials scheme to SMEs. Although the framework has been in place for years, adoption has lagged among smaller businesses, even as attacks are becoming more sophisticated and frequent. The reasons are not hard to see: more complex cloud architectures, third-party platforms and connected supply chains widen the attack surface across organisations of every size, while more convincing phishing and social engineering increase the chance of a successful first step.
Although the Cyber Essentials scheme provides a solid foundation, it should be part of a broader set of sustainable cybersecurity practices tailored to each business. That includes maintaining clear visibility of endpoints and identities, adopting a zero-trust mindset for access, monitoring key services and tightening supplier and platform dependencies so a third-party issue does not become your outage. It also means doing the less glamorous work that often gets skipped, such as mapping critical services, tiering applications by importance, monitoring DNS and certificates and verifying failover rather than assuming it will work when needed.
Finally, resilience is not only about prevention. Businesses of all sizes need a practical and rehearsed contingency plan, including a cyber incident and recovery programme, tested offsite and cloud backups, clear escalation paths and a communications strategy that involves leadership, not just IT. Tabletop exercises and realistic simulations may sound ‘enterprise’, but they are often the difference between a controlled disruption and a prolonged shutdown. Bringing baseline controls and these continuity steps under managed support can help keep them consistent and auditable, rather than relying on ad hoc internal effort or whoever happens to be available that week.
Intelligent SME.tech