1 in 5 SMEs has been a victim of cyber security attacks in the past three months

Published on 19/11/2020 by Sonia Navarrete

With the country back into full lockdown since the 5th November and remote work becoming the norm again, concerns about cyber security attacks are back in the main discussions of business owners and CEOs.

cyber security attack in British SME

Many businesses suffered from cyber attacks during the first wave of COVID-19. 30% of businesses have fallen victims to phishing attacks since the beginning of the pandemic, and with the number of attacks rising, companies need to have solid measures in place to prevent attackers from entering their systems.

We asked over 500 CEOs and business owners of British SMEs what measures they have in place to prevent these attacks. Also, if they have required new software and how they are ensuring the staff is aware of the risks when working remotely. (full methodology at the bottom of the article)

Highlights of the study:

  • 12% of companies needed new security software since the beginning of COVID-19.
  • 40% of businesses didn’t have a contingency plan after the first wave that took place in March-April this year.
  • 22% of business owners are concerned about security threats when employees work remotely.

40% of SMEs didn’t have a contingency plan in place in case of a second wave

The results of the survey show that 40% of SMEs in the UK didn’t have a contingency plan prepared in case of a second wave. 

number of businesses that had a contingency plan after first wave

Business continuity software or backup software can help you prepare for unexpected events that may put at risk the running of your SME and secure the continuity of business.

In addition, 12% of companies needed new security software to support their business since the beginning of COVID-19. Anti-virus (27%), Firewall (27%), and VPN (24%) software are the three most popular ones.

However, 21% of businesses have been victims of a cyber attack in the past three months.

Malware infection (41%) and data breach (37%) are the two forms of attacks suffered by businesses in the past three months. In addition, 80% of business owners state being concerned or very concerned about the risk of malware attack.

 Investing in antivirus and network security software can help your business prepare for those threats and mitigate the effects of a possible attack. Check out some different software to see which one offers the features that are most suited to your needs. Visit the cyber security listing on GetApp UK for more information on vendors and features.

Remote work and security are still a concern for business owners

22% of business owners are concerned about security threats when employees work remotely.

However, they have issued a series of guidelines to make sure that employees are aware of the risks. 33%  say advising employees not to use public wifi when working from a cafe or places with a shared connection.

A third of them also recommend staff use a VPN when connecting to the company network. 28% also recommends changing both system and router passwords regularly. 

Brian Reed, senior director analyst at Gartner, recommends that owners reassess the security measures that were put in place during the first wave to see if they are still relevant:

“Now that a few months have passed since the initial remote push, it’s time for a needs assessment and review of what has changed to determine if access levels are correct and whether any security measures are actually impeding work.”


Password management software and authentication software can help with managing and organising passwords as well as providing a centralised, secure location for them.

22% of business owners will require cyber security skills from new employees

Cybersecurity skills are amongst the ones most demanded by businesses looking at 2021. 22% of business owners say they will require some cyber security skills from new employees that are hired. 

Companies are investing in training employees on the skills that are currently needed. A third of companies are using interactive web-based training such as webinars and 32% are using computer-based online training. 

In addition, SMEs are making changes to their employee training budget during this second lockdown. 20% are planning on making minor increases in the training budget while 13% will significantly increase the training budget.

Using Webinar software to train employees is a great way to make it visual and engaging for them to learn new skills. If you don’t have the resources to provide a course to your staff, the National Cyber Security Centre has launched a new free training tool for SMEs. 

The short course takes less than 30 min to complete and trains staff on four key areas of cyber security: 

  1. Identifying phishing
  2. The importance of having strong passwords
  3. Securing the devices 
  4. Reporting incidents

Security alerts and access controls are the two most asked questions to vendors

Security alerts (33%) and access controls (27%) are the two most popular topics raised when looking to purchase new software.

However, the results of the survey show that 18% of business owners also ask vendors about regulatory aspects such as GDPR compliance.

most common topics asked to vendors

A resilient business model will help your SME to be better prepared for unexpected events. Furthermore, this will support the digital transformation of your business without disruption.

Looking for Cyber Security software? Check out our catalogue

*Data for the GetApp New Business Model Survey has been collected in November 2020. The sample comes from an online survey of 1,851 respondents that live in the UK.

The survey data used for this article comes from 539 participants who have qualified to answer.  The information in this article corresponds to the average of all surveyed participants.

The criteria for participants is:

  • Owner, founder, or another head role
  • C-suite executive (e.g., CEO, CIO)
  • President or vice president

This article may refer to products, programs or services that are not available in your country, or that may be restricted under the laws or regulations of your country. We suggest that you consult the software provider directly for information regarding product availability and compliance with local laws.

Share This Article