It seems we can’t move without hearing about another cybercrime committed against a high profile brand. But does that mean that the rest of us are safe?
In a word, no! Regardless of size or type, all businesses are vulnerable to cyber-attacks. In fact small businesses can be more susceptible to cyber-attacks due to generally fewer resources, limited IT support, and lower awareness of risks.
Most cyber-attacks are not targeted and criminals seek out those that are least protected. To give some idea of the scale of the issue:
- 43% of UK businesses reported having a cybersecurity breach or attack in the last year.
- 283,000 (20%) of businesses have experienced at least one cybercrime in the last year.
- 93% of those were phishing attacks.
- Approximately 19,000 ransomware attacks have taken place in the last year.
(Cybersecurity Breaches Survey 2025: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025)
Taking account of the number of successful phishing attacks, it’s clear that regardless of the sophisticated systems and well-honed processes that may be in place, the human element plays a huge part in plugging cyber vulnerabilities.
1. So, what are the threats?
- Phishing & Social Engineering
Attackers craft convincing messages to trick staff into revealing credentials, clicking malicious links or opening infected attachments. This remains the top entry method for data breaches and ransomware. The recent Marks & Spencer cyber-attack was the result of a phishing attack, traced to a compromised IT contractor.
- Malware, Ransomware & Data Extortion
Malware encrypts files, locking the business out of its own systems. It’s becoming more prevalent due to automation tools that scan for vulnerable systems. Ransomware is a growing issue, threatening to leak data unless a ransom is paid. It has devastating effects. According to BBC’s Panorama programme in June, Northamptonshire-based transport company KNP was hit by a £5m ransomware demand that it couldn’t pay. The company folded, putting hundreds of people out of work.
- Supply‑Chain Attacks
Hackers target weaker suppliers, such as third‑party platforms or contractors, to penetrate organisations. The recent Co‑op supply‑chain attack took tills and logistics offline across 2,300 stores.
- Weak Passwords & Credential Stuffing
Simple password weaknesses remain a major vulnerability. KNP, mentioned above, was forced to close after 158 years thanks to a single easily-guessed password. Attackers use leaked credentials from other breaches to try logging onto accounts and are often successful due to the recycling of old passwords.
- Business Email Compromise (BEC)
These are targeted attacks whereby cybercriminals trick employees into transferring money or sensitive information by impersonating senior staff or suppliers, such as a fake invoice from what appears to be a known contractor. Spoofing is a tactic used in BEC attacks, where the attacker disguises the sender’s email address to appear legitimate.
- Insider Threats (Negligent or Malicious)
These are employees who accidentally or deliberately leak sensitive data, where the common cause is weak access controls or poor offboarding practices.
- AI‑Enabled Attacks
The UK National Cyber Security Centre warns that generative AI will make phishing emails more convincing and scalable, increasing the volume and complexity of scams.
2. Implications of cybercrime
- Operational disruption
When systems are locked or offline, core business operations come to a halt. Marks & Spencer faced a 46‑day outage and issued a £300 million profit warning.
- Financial losses
Costs include cleanup, ransom, lost sales, reputational damage and regulatory penalties. Average losses exceed £10,000, but high‑profile incidents often incur sums into millions.
- Loss of trust and data
Customer and staff data breaches harm reputation and may incur legal liability under GDPR.
- Impact on employee morale and mental wellbeing
- Long-term impact on company growth (or even survival)
3. How to avoid a cyber-attack
Basic cyber hygiene
- Use strong, unique passwords, ideally generated and stored securely.
- Implement multi‑factor authentication across all critical platforms.
- Keep systems, software and firmware fully patched; around a third of attacks still exploit unpatched vulnerabilities.
Backup and recovery planning
- 75% of organisations DO NOT have a cyber incident response plan! In a cyber-attack, your data back-ups are your lifeline.
- Maintain isolated offline backups that are regularly tested (3-2-1 rule).
- Create a business continuity plan to ensure alternative operations if IT systems go down; as the Co‑op was forced to do across hundreds of stores.
Phishing defence & staff awareness
- People are often the weakest link, but we’re also the first line of defence, so providing regular training and phishing simulations to employees is vital. Without training they may fall for scams or ignore security best practices, such as skipping 2FA or clicking unsafe links.
- Use email filtering, link scanning and phishing warning banners.
- Encourage a culture of security by promoting accountability and vigilance.
Endpoint protection & network security
- Install anti‑malware, firewall and intrusion detection systems.
- Regularly review and monitor network logs for suspicious access.
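Reviewing logs "for suspicious access" is easier with a concrete rule to look for. This added example (written for this article, not taken from Comprendo or any named vendor) implements one detection for the credential-stuffing threat described in section 1: a single source address failing logins against many different usernames inside a short window, followed by a success, which is the signature of leaked passwords being replayed. The log format (`timestamp LOGIN_OK|LOGIN_FAILED user=... src=...`), the addresses and the sample lines are all constructed; real systems (Microsoft 365 sign-in logs, a VPN, SSH) carry the same fields under different names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format; adapt the regex to the real source's field names.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_OK|LOGIN_FAILED) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one stuffing burst from 203.0.113.5 ending in a successful
# login, one user mistyping a password twice (normal), one single-account brute force.
SAMPLE_LOG = """\
2025-07-01T09:00:01 LOGIN_FAILED user=alice src=203.0.113.5
2025-07-01T09:00:04 LOGIN_FAILED user=bob src=203.0.113.5
2025-07-01T09:00:09 LOGIN_FAILED user=carol src=203.0.113.5
2025-07-01T09:00:12 LOGIN_FAILED user=dave src=203.0.113.5
2025-07-01T09:00:20 LOGIN_FAILED user=erin src=203.0.113.5
2025-07-01T09:00:31 LOGIN_FAILED user=frank src=203.0.113.5
2025-07-01T09:00:40 LOGIN_OK user=carol src=203.0.113.5
2025-07-01T09:05:00 LOGIN_FAILED user=alice src=198.51.100.7
2025-07-01T09:05:10 LOGIN_FAILED user=alice src=198.51.100.7
2025-07-01T09:05:20 LOGIN_OK user=alice src=198.51.100.7
2025-07-01T09:10:00 LOGIN_FAILED user=bob src=192.0.2.9
2025-07-01T09:10:05 LOGIN_FAILED user=bob src=192.0.2.9
2025-07-01T09:10:10 LOGIN_FAILED user=bob src=192.0.2.9
2025-07-01T09:10:15 LOGIN_FAILED user=bob src=192.0.2.9
2025-07-01T09:10:20 LOGIN_FAILED user=bob src=192.0.2.9
""".strip().splitlines()


def parse(lines):
    """Turn log lines into (timestamp, event, user, src) tuples; skip unparseable lines."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["event"], m["user"], m["src"]))
    return events


def detect_credential_stuffing(lines, window=timedelta(minutes=10),
                               min_failures=5, min_users=3):
    """Flag sources with >= min_failures failed logins across >= min_users accounts
    within `window`, and report any successful login from that source in the window."""
    events = sorted(parse(lines))
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)

    alerts = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e[1] == "LOGIN_FAILED"]
        for i, start in enumerate(fails):
            burst = [e for e in fails[i:] if e[0] - start[0] <= window]
            users = {e[2] for e in burst}
            if len(burst) >= min_failures and len(users) >= min_users:
                # A success from the same source right after the burst is the
                # account most likely taken over; that is the one to reset first.
                successes = sorted({e[2] for e in evs
                                    if e[1] == "LOGIN_OK"
                                    and timedelta(0) <= e[0] - start[0] <= window})
                alerts[src] = {"failures": len(burst),
                               "usernames": sorted(users),
                               "successes_after_burst": successes}
                break
    return alerts


if __name__ == "__main__":
    for src, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(src, info)
```

The thresholds are deliberately parameters: the single-account burst from `192.0.2.9` is not reported by this rule because it hits one username, which is a different pattern (brute force, handled by lockout) and would be a separate rule. The point for a small business is that once MFA is on and failed-login events are being kept, a check this simple already surfaces the recycled-password attacks the article warns about.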
Supplier and supply‑chain risk
- Evaluate cyber practices of contractors and partners; only 11% of micro‑businesses and 21% of small firms review supplier risk according to gov.uk.
4. Next Steps
Weak human factors or partner vulnerabilities often open the door to even fairly unsophisticated cyber-attacks. However, most cybercrime is preventable through basic cyber hygiene, backups, robust policies, employee awareness / training, and supplier checks.
Aligning cyber risk to business strategy and achieving Cyber Essentials or equivalent are important next steps for demonstrating minimum protection.
Interested in hearing more about protecting your organisation’s online operations and sustainability?
Contact us at: info@comprendo.co.uk / 0345 527 4394 and book a FREE security audit of your critical systems.
At Comprendo, we provide customer-focused IT services, solutions and support to businesses throughout North and West Yorkshire, Lancashire and beyond, including Leeds, Bradford, Harrogate, York, Preston and Manchester. Looking to outsource your IT or review your cyber security? We look forward to hearing from you.