Freely subscribe to our NEWSLETTER

Private sector organisations were hit harder by the tsunami of cyber threats, receiving 18%
more alerts than their public sector counterparts. As threat levels rose, IT teams also showed signs of shrinking - the mean size of each security team at the beginning of 2024 was 2.63 people, slightly down from 2.7 people in 2021.

The findings based on insights from 200 UK-based IT and security leaders revealed:

Cyber incidents are hitting SMBs from all sides

Two in five SMBs were taken offline
- 41% of SMBs had to take systems and applications offline due to an incident over the last year. For one in seven of those (14%), the outage lasted more than a day.

Data loss hit almost two in five
- 39% of SMBs lost data due to a cyber-attack in 2023, a 13% jump since 2021. Nearly a third (30%) of SMBs also lost data due to user error in the last 12 months and 27% lost data due to disgruntled employees.

One in five fell victim to ransomware
- 20% of SMBs fell victim to a ransomware attack – although the pace of attack has remained consistent over the last three years.

34% paid out after a ransomware attack, with the average pay-out standing at £139,368. And,
one in five were subjected to a regulatory fine as a result.

Nearly a quarter experienced an email attack
- 23% of SMBs suffered from an employee opening a suspicious or malicious email that led to a serious attack.

Security professionals regularly work out of hours to keep up

38% have been called at night
- 44% of private sector security professionals have been called in the middle of the night to investigate a cyber alert, compared to 28% in the public sector.

34% have had their holiday interrupted - with 40% of private sector professionals handling
a security alert during annual leave, compared to 23% in the public sector.

32% feel unable to cope and the unsustainable workload risks UK SMBs suffering from significant
financial, operational, and reputational damage with only 60% of alerts fully investigated.

29% think their career prospects have been negatively impacted because of a cyberattack
jumping from 18% last year.

"Cybersecurity professionals are working hard to discern genuine threats from noise - sacrificing
sleep, holidays, and career stability," commented Ed Macnair, CEO of Censornet. "With SMBs forming the lifeblood of the UK economy, it’s imperative to simplify and bolster their resilience against rising cyberthreats, leaning into new technologies, such as
AI, to help."

70% of SMBs are struggling with sprawling security solutions

Despite the rising intricacy and persistence of threats, the ability of SMBs to protect against
some of the most common attack vectors is on the decline. Over two thirds (69%) of SMBs list
the number of point products needed to protect against the entire
threat spectrum as one of their biggest challenges in 2024.

And the patchwork of multiple solutions SMBs are turning to are weakening defences.

30% can protect against cross channel attacks, down from 37% in 2021.

47% have data loss prevention (DLP) solutions in place, marginally up from 46% in 2021
but still leaving over half vulnerable to major data loss.

48% can block ’dangerous’ attachments from reaching the inbox of users, down from 51%
in 2021.

33% can quarantine suspicious emails, down slightly from 35% in 2021.

44% of SMBs hope AI will free up time

To manage their risk, SMBs are turning to cyber applications that are easier to set-up, manage
and maintain. And overwhelmed private sector professionals are more hopeful about the opportunities that AI will offer to automate everyday tasks and combat AI generated threats.

Over half (56%) of private sector SMBs will use AI
to fight threats

Only a quarter (26%) of public sector SMBs will use AI
to combat threats despite the opportunity it offers to automate everyday tasks.

52% of private sector SMBs hope AI will alleviate workloads
by responding to security alerts. While 49% think it will boost cyber defences by freeing up team time to proactively investigate risks.

A third (32%) of public sector SMBs think AI will respond to security alerts
and 35% think it will boost their cyber defences by freeing up time to proactively investigate threats.

Neil Langridge, Marketing & Alliances Director, e92plus said: "The rapid growth of AI, the increasing
complexity of cloud environments and the expanding potential attack surface creates additional openings for security vulnerabilities, misconfigurations, and exploits. Adopting a cybersecurity perspective that emphasises controls rather than merely tools will
be essential for effectively managing technology estates."