SMBs Struggle to Keep Pace with Cyber Security Threats


Keeping on top of new threats is the biggest cyber security challenge facing small and mid-sized businesses globally (SMBs) – and more than half are calling for help to manage the risks, new global research by Sage reveals today. UK SMBs are particularly struggling with cyber security preparedness with 57% asking for more support with education and training and 45% not understanding what security is needed for their business.

The leader in accounting, financial, HR and payroll technology for SMBs has conducted global research to investigate SMBs’ perceptions of cyber security and the key hurdles they are facing in this space. Through the study, Sage aims to demystify cyber security and turn it from a daunting challenge to an empowering tool so SMBs can focus on growing their business, developing their teams, and providing outstanding customer experience.

The research reveals:

  • UK SMBs reported the fewest cyber security incidents in the past 12 months than any other country (42% reported one).
  • 70% of global SMBs say cyber threats are a major concern, however 72% feel confident about managing cyber security and 76% regularly review it
  • Keeping on top of new threats is the biggest challenge for 51% globally, followed by making sure employees know what’s expected of them (45%), educating staff about cyber security (44%), and cost (43%)
  • Just 48% of UK SMBs cyber security investment is to increase next year, with 29% saying the cost of living has reduced their cyber security budget
  • Over half of UK SMBs think the government (55%) and cyber security companies (52%) should do more to support with cyber security education and training

Ben Aung, EVP Chief Risk Officer, Sage, said, “Navigating the fast-paced world of cybersecurity can be overwhelming for SMBs, who often lack dedicated IT expertise. While our research highlights their genuine concern for cybersecurity, they seek guidance to comprehend and mitigate risks beyond the misconception of it merely relying on firewalls and tools. At Sage, our commitment is to make cybersecurity accessible, fostering confidence through knowledge, resources, and a human-centric approach, empowering SMBs to strengthen their cybersecurity culture even with limited budgets.”

The research also reveals that 42% UK SMBs regularly discuss cyber security, only marginally higher than the global average of 40%. This is mostly when something changes or goes wrong internally or with another company. In terms of size, smaller businesses are less concerned with cyber security, have less knowledge about cyber controls, and generally invest less in cyber security.

The research findings also highlight that two-thirds of global SMBs are prepared to spend more to ensure better cyber security. 68% say they would use a more expensive supplier and spend more budget on a company if they had better security and displayed more information about the privacy and security of their products.

Maria Kelly, Operations Manager at Roche Healthcare, a care home business based in Leeds, said “As a business, it is daunting to think about cyber security, especially on top of all the other challenges we’re facing, including cost of living, recruiting talent, inflation. But it is a reality in today’s world where daily threats must be navigated with confidence and ease. For our business to make sure this puzzle isn’t one we fall victim to, we need access to affordable practical advice and support, which is why the role of tech companies, and the government is so important. Knowledge is power here and by understanding the small steps we can take as a business, and where to go to for advice, we can help protect our data and minimise risk, which can provide significant comfort to our employees, directors, and customers.”

Simon Borwick, Cyber Security Partner at PwC UK, said, “Cyber crime is now a real threat to small and medium businesses, irrespective of their scale. Their digital presence can turn into a potential weak link within the supply chain. Dependence on major suppliers and government authorities requires collective action.  At the same time, tackling this looming challenge also presents a unique opportunity to carve out a distinct competitive edge – enhancing an organisation’s reputation and building trust.”