Cyber attacks don’t discriminate: Why SMEs are just as vulnerable
Think you’re too small to be a target? Time to rethink cyber security
When you hear about the cyber attacks on big names like Marks & Spencer and Co-op, it’s easy to feel a sense of disconnect as part of a small to medium-sized business.
“Why would hackers come for us?” you might think.
“We’re too small to be worth their time.”
But here’s the truth: cyber criminals don’t just focus on large enterprises. SMEs are just as vulnerable, and you really shouldn’t ignore it. That’s why we’ve teamed up with Citation Cyber to share tips to improve your cyber security.
Big names, big breaches, but it’s SMEs who are most at risk
The recent breaches at M&S and Co-op are still dominating headlines, shining a light on the massive financial and reputational toll these attacks take. But for every high-profile case, there are countless smaller businesses quietly battling similar crises. Attackers often see SMEs as easier targets due to less sophisticated security systems or limited resources for incident response. If you still think you’re not worth stealing from, it’s time to look at the facts.
Why SMEs are prime targets
Cyber criminals don’t discriminate. They’re opportunists, looking for any vulnerability they can exploit. While larger organisations often have more extensive resources to recover from an attack, SMEs face much higher stakes. A small business may struggle to recover from ransom payments, downtime, and the loss of customer trust.
According to recent studies, SMEs are the target of over 40% of cyber attacks globally*, and 60% of small businesses that suffer a major cyber attack close within six months. This is because the cost of recovery, both in lost revenue and operational damage, can be impossible to juggle alongside daily business pressures.
SMEs also frequently handle sensitive customer data, whether it’s payment details, personal information, or confidential business documents. That makes them valuable targets for cyber criminals who know even a small amount of stolen data can mean significant profit.
Lessons from large-scale cyber attacks
The M&S and Co-op cyber attacks might feel like distant rumblings in the corporate world, but they carry important lessons for SMEs. These big retailers had to halt operations, isolate their systems, and undertake weeks of forensic investigation. For large organisations, such disruptions are major headaches, but for an SME, they could be a complete end to the business.
One key point here is resilience. Large companies are increasingly preparing for “when” an attack happens, not “if”.
SMEs must follow their lead by putting in place risk management practices, incident response plans, and cyber security from the start.
What SMEs can do to protect themselves
It’s clear that this isn’t just a big business problem.
The good news is that there are straightforward, affordable steps SMEs can take to protect themselves.
- Invest in cyber security tools: You don’t need enterprise-level software to strengthen your defences. The government-backed Cyber Essentials scheme is an affordable first step and can make a huge difference in reducing vulnerabilities and increasing confidence in protection.
- Train your staff: An estimated 95% of data breaches are caused by human error**. This means your team is your first line of defence. And if they’re not trained to spot phishing emails and suspicious links, or to avoid poor password practices? Your first line of defence will fail you.
- Conduct regular vulnerability assessments: Don’t wait until after a breach to check your weaknesses. Work with cyber professionals to identify your vulnerabilities and address them proactively.
- Back up your data: A successful ransomware attack can grind your business to a halt if critical files are locked down. Back up all your essential data regularly and store it securely, so you can hit the ground running if an attack occurs.
- Make cyber security a boardroom priority: Don’t leave this to your IT team alone. Business leaders need to take ownership of cyber security to create a culture of awareness and resilience. If leaders don’t know what to do during an attack, how will anyone else?
The risk of doing nothing
Failing to act against rising cyber threats is far riskier and more costly than taking preventative measures today. Cyber security is no longer an optional add-on for businesses. It’s a fundamental part of protecting your operations, reputation, and future.
The M&S and Co-op attacks may have grabbed headlines, but they serve as warning shots for businesses of all sizes. The threats are real, evolving, and growing. And SMEs need to be just as vigilant as the enterprise giants.
If you’re unsure about where to begin or want guidance tailored to your business, don’t wait for the worst to happen. Click here to speak to an expert for advice on improving your defences and making your business more secure. Don’t forget, as a BSIA member you get preferential rates so be sure to use the code ‘BSIAMEMBER’.
Stay safe, stay prepared. And remember, cyber security isn’t a luxury reserved for big players – it’s a necessity for everyone.
*Source https://www.verizon.com/business/resources/
**Source https://commonslibrary.parliament.uk/research-briefings/cbp-9821/r