Cyber Essentials Urged for SMEs Amid Rising Breaches SME business owners are being encouraged to adopt the government’s Cyber Essentials scheme to strengthen their cyber security and reduce the risk of attacks. Cyber Essentials sets out steps that SMEs can take to protect themselves from the most common cyber-attacks, such as keeping software up to date and controlling who has access to accounts and data. It comes as new figures show the scale of threat facing businesses. Significant cyber incidents cost an average of £195,000 and half of all small businesses have suffered a cyber breach or attack in the last 12 months. In 2025, 92 per cent fewer insurance claims were made by organisations with Cyber Essentials in place. Certification can also help businesses win government contracts, and eligible firms can access free cyber insurance, including a 24/7 emergency helpline, provided by the Cyber Essentials delivery partner. In a statement, cyber security minister Baroness Lloyd said: “I know smaller firms don’t have large IT teams, and that is exactly why Cyber Essentials matters. It provides a straightforward checklist to lock the door on cyber criminals, without needing specialist expertise.” Developed by experts at the National Cyber Security Centre (NCSC) and the Department for Science, Innovation and Technology (DSIT), Cyber Essentials focuses on firewalls, secure configuration, software updates, user access control, and malware protection. SMEs can access free tools and support including the Cyber Essentials Readiness Tool (an online self-assessment to identify gaps), free 30-minute consultations with an NCSC-assured cyber adviser when preparing for certification, and a free preview of the Cyber Essentials Question Set and Requirements for IT Infrastructure to help assess readiness. Data from Yubico’s 2025 Global State of Authentication Report reveals how small businesses are facing a new wave of vulnerability, driven by a lack of resources and misconceptions about their appeal to attackers. Niall McConachie, regional director (UK & Ireland) at Yubico, said: “Small businesses are currently operating under a dangerous misconception: believing they’re too small a target for attackers. In the age of AI-driven cyber crime, automated tools target all employees and businesses the same. Every unsecured entry point is a target, and our data confirms that SMEs are leaving the front door wide open by neglecting basic training and not implementing multi-factor authentication [MFA]. “We need to abandon the idea that robust authentication is ‘too expensive’ or ‘too complex’ for smaller teams. In reality, it’s too expensive not to protect systems and data. Implementing phishingresistant MFA, such as device-bound passkeys like hardware security keys, is the only scalable way to level the playing field and immunise small businesses against the commercialised threat landscape they now face.”
RkJQdWJsaXNoZXIy MTUyMDQwMA==