Cybersecurity isn’t just a big business issue –  it’s an every-business issue. But amidst the ever-increasing time and financial pressures created in the rest of your business, do you view your cybersecurity as just another box-ticking exercise?

The National Cyber Security Centre’s Annual Review 2025 paints a stark picture: the UK has faced a record 204 nationally significant cyber incidents this year – more than double last year’s figure. And while many headlines focus on large organisations, SMEs remain prime targets, often seen as easier entry points into bigger supply chains.

Recent research has found that the average cost of a significant cyber-attack on UK businesses is just short of £195K. And for SMEs within a supply chain, cybersecurity isn’t just about protecting their own business, it’s about safeguarding the entire network. One vulnerability in a supplier’s system can have a knock-on effect, placing the entire supply chain in jeopardy.

You can read about this latest research commissioned by the Department for Science, Innovation and Technology here: https://www.gov.uk/government/publications/independent-research-on-the-economic-impact-of-cyber-attacks-on-the-uk

The NCSC’s review makes it clear: cyber resilience isn’t about having the biggest budget – it’s about leadership, culture, and preparation.

One standout contribution comes from Shirine Khoury-Haq, CEO of The Co-op, who reflects on their own recent experience, and reminds us that “the buck stops with us as senior leaders.”

That applies just as much to small business owners as it does to CEOs of major brands.

So what questions should every SME leader be asking themselves?
1.  Are we treating cyber risk as a core business issue – not just an IT task?
2.  When did we last test what would happen if our systems went down tomorrow?
3. How confident are we in our suppliers’ and partners’ security practices?
4.  If we were hit by a cyber incident, would we know who to call and what to say?

Why it matters:
Cyber-attacks don’t just cost money – they cost trust, reputation, and time. The 2025 Review is a reminder that building resilience is within everyone’s reach. Start with awareness, leadership buy-in, and a clear plan. The Cyber Essentials scheme is a solid starting point with 92% fewer insurance claims made by organisations with the 5 required basic technical controls in place.

You can read the full NCSC Annual Review 2025 here: https://www.ncsc.gov.uk/collection/ncsc-annual-review-2025

So if,

• You’re in the dark about cybersecurity,
• Your business has outgrown its existing security strategy, or
• You’d like to find out about the Cyber Essentials scheme,

>> Please get in touch with our dedicated support team at: 0345 527 4394 / info@comprendo.co.uk to arrange your FREE 2-hour (no-obligation) consultation.

At Comprendo, we provide customer-focused IT services, solutions and support to businesses throughout North and West Yorkshire, Lancashire and beyond, including Leeds, Bradford, Harrogate, York, Preston and Manchester. Looking to outsource your IT or review your cyber security? We look forward to hearing from you.