July 1st 2025
COULD YOU IDENTIFY A CYBER SECURITY THREAT?
For many business owners and stakeholders, a cyberattack is something that happens to someone else. If you’re an SME, you may have the quiet confidence that you’re not a target, or that your people know better than to click on a dodgy-looking email.
However, Gov.uk has identified that nearly half (43%) of businesses and 30% of charities in the UK were victims of a cyber attack last year.
UK Businesses Are Under Threat
Cyber Security Statistics for UK SMEs (2025)
- 43% of UK businesses experienced a cyber attack in the past 12 months
- Businesses suffer on average 30 cyber attacks per year
- Average cost to SMEs: £3,550 per incident
- 90% of breaches involve human error
The Cyber Security Breaches Survey, published in April 2025, was commissioned by the Department for Science, Innovation and Technology, and aims to explore the processes around, impact of and response to cyber attacks on UK businesses and charities.
The average cost of a cyber attack for a UK SME is £3,550. Data also suggests that cyber attacks are repeat business, with reports showing that businesses suffer on average 30 cyber attacks per year. At £3,550 per incident, that increases the average financial risk to £106,500 a year!
62% of compromised businesses reported taking some form of action to prevent further attacks, with changes to personnel or training ranking highest (32%). This is a sensible option, considering IBM reported that 90% of cyber incidents involve human error.
What Kind of Cyber Attacks Put Businesses Most at Risk?
85% of all attacks in the last 12 months were phishing attacks, which proved to be the most disruptive and time-consuming type of incident to deal with.
Phishing attacks are a form of social engineering that tricks employees into revealing sensitive information. Attackers will pose as trusted third parties to help lure individuals into:
- Clicking on malicious links
- Downloading infected attachments
- Directly providing sensitive data, such as login credentials, bank details or a customer's personal information
Typically, attackers pretend to be the company CEO, a bank, a delivery service, a colleague, or another well-known service provider brand.
Let’s take a look at the recent M&S cyber attack, for example. M&S suffered major losses following an attack carried out using social engineering, where hackers tricked employees at a third-party contractor (Tata Consultancy Services) to gain access to M&S systems.
The cyber attack cost the retail giant an estimated £430 million (£300 million in lost profits, £130 million in lost revenue) during a 46-day online outage for clothing and home ordering.
Securing Your Supply Chain
If M&S had a more secure supply chain, it might have been able to avoid the cyber attack altogether. Most businesses are part of someone else’s supply chain, and in turn, have their own supply chains as well.
Do you know how secure your data is at every stage of your business operations?
Here are some tips to ensure your supply chain is secure:
- Vet suppliers for Cyber Essentials accreditations or similar: Ensuring your suppliers have a code of conduct when it comes to cyber security helps to give you peace of mind that they take protecting your information seriously.
- Limit supplier access: Provide suppliers with only the vital information required to complete their role in your supply chain. Ensure that access is revoked once it is no longer needed, and regularly monitor this to prevent unauthorised access.
- Include cyber security in supplier contracts: Ensure that your suppliers agree to meet your own cyber security standards.
- Regularly audit your supply chain: Only 39% of businesses that suffered a cyber attack reported it outside of their organisation. Therefore, you cannot trust that your suppliers will make you aware should they suffer a breach. Be sure to do your due diligence and proactively audit their organisations to keep your supply chain threat-free.
- Train your team: Ensuring your team knows the key contacts at each supplier and approved methods of communication, along with how to spot anything suspicious, will help minimise human error.
Any business could implement these tips to build a robust supply chain and cyber security practices. In turn, you could use these tips as your own checklist to improve your cyber security measures and feel confident in the role that you can play in somebody else’s supply chain.
Secure Your Business With a Cyber Essentials Certification
Need help with anything you’ve read in this blog? We help businesses like yours achieve Cyber Essentials accreditation and implement improved cyber security strategies. Talk to our team today.