Cybercrime, the rising threat SMEs can’t afford to ignore

Cyber breaches are no longer rare headline events. They’re an everyday reality. While the news tends to highlight attacks on banks, retailers, and global giants, small and medium-sized businesses (SMEs) are just as, if not even more, exposed.

Why? Because SMEs are often easier targets.

And make no mistake, the impact of a cyberattack can be devastating, no matter the size of your business.

From organised crime gangs chasing quick profits, to hostile state-sponsored hackers, hacktivists, and even opportunistic “kids messing around,” the result is the same.

Disruption, spiralling costs, and reputational damage that can take years to repair.

“1 in 3 UK SMEs suffered some form of cyber incident in 2024”

Therefore, it’s hardly surprising our Cyber Security and Introduction to GDPR online training courses have become best sellers in recent months.

Ultimately, more and more business are recognising the threat of cybercrime, and are determined to stay one step ahead of the growing threat.

Who’s behind the cyber attacks?

Whose behind the cyber attacks? The truth is attribution is tricky. Knowing who’s behind any attack can be difficult to pin point. Many incidents are deliberately cloaked, leaving businesses guessing, who’s attacking them.

However, recent data paints a clear picture of the most active cyber threats. So, next, lets take a look:

1. Organised crime

81% of cyber incidents investigated by NCC Group were attributed to organised criminal gangs, compared to 13% linked to state-affiliated actors. UK Parliament Committees

“the average cyberattack costs a small to medium sized UK business in the region of £3,398 to £5,001”

2. State sponsorship

The NCSC reported that in 2022/23, 23% of cyber security incidents showed signs of state sponsorship (down from 34% the year before).

However, financially motivated attacks associated with organised crime, are on the rise. Industrial Cyber

3. Blurred lines

This blurring of lines between organised crime and state sponsored actors, makes the threat of cyber attacks even harder to navigate. Euronews, The Guardian

Take, for example, the 2024 attack on Synnovis, a UK healthcare provider, hit by a ransomware and a data theft campaign, from the Qilin gang. A financially motivated criminal organisation, believed to operate with, or at least, the tolerance of the Russian state.

4. Growth in cyber incidents

The growth in cyber incidents can be demonstrated by the fact, from September 2023 to August 2024, the NCSC handled 430 incidents. This number was up from 371 the year before.

Of these cyber attacks, 89 were nationally significant, and 12 classed as critical.

Why knowing who’s attacking you matters

Knowing who’s attacking you matters. Why? Because understanding the source of a cyber attack isn’t just academic. It shapes how you defend yourself:

State sponsored hackers

State sponsored hackers are stealthy, persistent, and often target intellectual property, supply chains, or critical infrastructure.

Organised crime groups

Organised crime groups are profit driven, using ransomware, extortion, and data theft.

SMEs are attractive to cyber criminals, because typically they have weaker defences.

Amateurs or “script kiddies”

Amateurs or “script kiddies” may seem harmless, but even low-level attacks through phishing or misconfigurations can escalate quickly.

Cyber Security online training course with certificates accredited by CPD & IIRSM

Only £35.00 for a single licence. Bulk discounts available, get in touch for a quote, or learn more

Hybrid or unattributed actors

Hybrid or unattributed actors complicate everything, slowing down responses, making insurance claims harder, and leaving you and your business exposed.

Cybercrime, the hard facts for SMEs

Cybercrime is rising fast, and SMEs are disproportionately vulnerable. Here’s the hard facts for SMEs:

1 in 3

1 in 3 UK SMEs suffered some form of cyber incident in 2024.

The average cost

The average cyberattack costs a small to medium sized UK business in the region of £3,398 to £5,001.

£3.4 billion

Collectively, UK SMEs lose £3.4 billion every year to hackers.

$10.5 trillion

Globally, cybercrime is projected to cost $10.5 trillion annually by 2025.

And even if hackers don’t get you, regulators might. Remember all the noise about GDPR compliance?

Well it might have quietened down, but it hasn’t gone away. In fact, it’s ramping up:

Fines of up to £17.5 million

UK businesses face fines of up to £17.5 million or 4% of their global turnover.

Introduction to GDPR online training course with CPD accredited certificates

Only £35.00 for a single licence. Bulk discounts available, get in touch for a quote, or learn more

No business is too small to notice

In 2024 alone, UK organisations paid more than £15.5 million in GDPR penalties. Fines ranged from £7,500 to £750,000, with many levied against firms that thought they were “too small to notice.”

The uncomfortable truth is this: it’s not a matter of if your business will face a cyber or data incident, but when.

And what many don’t realise is that regardless the size of the business, the financial implications can be huge.

Why SMEs are easy targets

Cyber attacks on large corporations may make the headlines, but as the stats above demonstrate SMEs are at high risk.

Whilst large businesses have big security budgets, dedicated IT teams, and compliance officers, SMEs are easy targets.

Many SMEs lack even the most basic cyber security knowledge, understanding and defences.

In fact:

32%

32% of UK SMEs have no cybersecurity protections in place.

52%

52% of SME employees have never received cybersecurity training.

38%

38% of small firms spend less than £100 a year on cyber protection.

Hackers know this, and exploit it ruthlessly.

A weak password, an unpatched system, or one careless click is all it takes.

When it comes to cybercrime, prevention is better than cure. It’s cheaper too.

Most breaches start with human error & the most effective defence is training your people!

Prevention is better than cure. It’s cheaper too

When it comes to cybercrime, prevention is better than cure. It’s cheaper too. Now here’s the silver lining, the most effective defence against cyber attacks is also one of the simplest. Training your people!

Cybersecurity isn’t just about firewalls and software. Most breaches start with human error: opening a dodgy attachment, reusing a weak password, or mishandling customer data. The right training drastically reduces those risks.

That’s where our Cyber Security online training course comes in. Tailored for SMEs, it equips your team with practical, jargon-free knowledge they can apply immediately. Each learner earns a certificate, demonstrating your business’s commitment to customers, partners, and regulators alike.

And because cyber risk is inseparable from data protection, we also offer our Introduction to GDPR eLearning course. This course ensures your staff handle personal data correctly, keeping you compliant and helping you avoid costly fines.

Together, these courses deliver an affordable, proactive first line of defence, and unlike cyber insurance, they reduce your risk before disaster strikes.

Take action before it’s too late

Hackers don’t wait until you’re ready. Equally don’t wait until you’ve been attacked. Take action now, before it’s too late.

To be blunt, if you don’t then you and your business are at an increasing risk of a cyber attack, and as a result the significant costs. It’s not just the commercial impact of disruption. Regulators don’t excuse “we didn’t know.” And customers don’t easily forgive a breach of trust.

Investing in training today could save your business thousands tomorrow, and in some cases, save your business altogether.

Find out more about our Cyber Security and GDPR online training courses, you can even take a free trial, but most importantly protect your data, your business, your customers, and ultimately your future.

About PRS eLearning

We’re passionate about helping people develop the knowledge and skills to create better futures.

Our eLearning hub hosts a comprehensive suite of online training courses with certificates, accredited by leading industry, and governing bodies, that provide vocational qualifications, recognised throughout the UK, Europe and further afield.

Engaging, enjoyable, and cost effective, our eLearning courses offer a premium learner experience at an affordable rate. Discounts are available for bulk purchases, charities, and other worthy causes. We even offer free trials.

Visit our eLearning hub to find out more, or get in touch to discuss your learning, development and training needs.