Getty ImagesNewsUK SMEs losing over 3bn a year to cyber incidentsA lack of access to technology, little to no staff training, and competing priorities are losing UK SMEs up to 3.4bn to cyber incidents every yearByAlex Scroxton,Security EditorPublished: 07 Apr 2025 18:36 Small and medium sized enterprises (SMEs) throughout the UK are losing 3.4bn every year as a result of inadequate and unfit-for-purpose cyber security measures, with over 30% of businesses having no form of security protections in place whatsoever, and over a quarter being targeted multiple times every year according to a new report produced by Vodafone Business.Vodafones report, Securing Success: The Role of Cyber Security in SME Growth found that the average cost of a cyber attack for a small business was around 3,400, rising to 5,000 for organisations that employ over 50 people.Vodafone acknowledged the difficulties SMEs have in addressing the torrid threat environment, with budget constraints, skills gaps, and competing business priorities all taking their toll on their ability to implement comprehensive security strategies.For example, over a third of the businesses surveyed do not give their employees security training, more than a third spend less than 100 in total every year, and just under two thirds allow employees to work from home using their own equipment, massively increasing their risk profiles.Cyber threats are becoming more sophisticated, and SMEs are increasingly in the crosshairs of cybercriminals. Investing in robust cyber security is no longer optional it is a business imperative for protecting sensitive data, maintaining customer trust, and ensuring long-term resilience, said Nick Gliddon, Vodafone Business UK CEO.SMEs cannot tackle this challenge alone. Greater collaboration between businesses, industry leaders, and government authorities is essential to providing these businesses with the resources, education, and support they need to strengthen their cyber defences. By working together, we can create a safer, more secure digital environment that empowers SMEs to grow with confidence in an increasingly connected world, he added.Vodafone today urged the government to do more to make security tools affordable and, crucially, scalable for SMEs. It called on Westminster to beef up its Cyber Local initiative, which is supposed to offer tailored support to SMEs based on size and location, but is limited to certain areas of England and Northern Ireland and only has a funding pot of 1.3m.It also recommended updates to the National Cyber Security Centre (NCSC) Cyber Essentials programme, which it claimed is not sufficiently reaching SMEs with many remaining unaware of its existence, and suggested that financial tools such as tax credits, or a dedicated capital allowance, could be deployed to incentivise security investment.Vodafone is also offering SMEs a one-month trial of its human risk management platform, CybSafe, including access to education and training sessions to help SME employees gain confidence in recognising potential threats.Matthew Evans, techUK chief operating officer, said the report clearly set out the significant impact of cyber incidents on the UKs SME community.TechUK has called for governments Industrial Strategy to have a greater focus on raising technology adoption across the UKs SMEs to increase productivity and to recognise cyber resilience as integral to growth, he said.The findings and recommendations of this report only further underscore the need to give SMEs the attention they deserve, and to support them in implementing robust plans to build and increase their cyber resilience.Dan Bridges, Cyware technical director, added: Vodafones policy recommendations particularly calls for improved access to intelligence sharing, tax incentives, and stronger public-private partnerships are well-aligned to motivate impactful changes.We see a major opportunity to democratise threat intelligence through collaboration and low-code automation, enabling SMEs to benefit from the same level of threat awareness and response capabilities as larger enterprises. Ultimately, cyber security is a growth enabler. Protecting digital assets builds customer trust, fuels innovation, and unlocks new markets. As SMEs continue to digitise, investing in intelligence-driven security solutions isnt just about defense its about ensuring long-term success.Read more about security for SMEsDigital workspace player Espria shares the themes it uncovered at a recent discussion around technology that delivers users peace of mind.Cyber security operation Eco Group looks to help SME customers fend off threats as the challenges faced by customers continue to mount.Autodata gets Scality as-a-service for on-site immutable storage via Artesca, to allow customers to rapidly recover from ransomware.In The Current Issue:Behind the scenes at Amazon UKs robotic-powered warehouseAll change: Weighing up the options for enterprises as open source licences evolveDownload Current IssueGoogle Cloud VP: Beyond monolithic AI into heterogeneous harmony CW Developer NetworkNutanix cloud VP: A complete and open Kubernetes on any infrastructure CW Developer NetworkView All Blogs