Two in five – nearly 40% - of SMEs have not arranged cyber training for their teams, according to a new study by BT, costing companies considerable time and money to recover from an attack.
The research by BT, in partnership with Be the Business, also reveals four in ten (42%) small businesses having experienced a cyber-attack in the last 12 months, increasing to two in three (67%) for medium-sized companies.
The average cost of the most disruptive security breach for micro or small businesses is around £7,960, and can take months to recover from the resulting damage, yet most could be thwarted by cyber security tools costing just a few pounds a month.
The most common attack SMEs face is phishing, with email scams targeting 85% of UK businesses. Damaging ransomware incidents, meanwhile, have more than doubled in the last 12 months, rising from affecting less than 1 in 200 businesses last year to 1 in 100 in 2025.
A separate report by BT has revealed large businesses which are more proactive with their cyber security are more likely to grow that those who aren’t, and that these “cyber agile” companies have a 20% higher growth rate on average.
In response, BT is launching dedicated security training to help SMEs understand the practical steps they can take to protect themselves against cyber-attacks and potential breaches.
It will also educate small businesses about next-generation threats, including the role of AI and quantum computing, alongside highlighting the rise of attacks, including account takeovers where stolen customer credentials are used to breach systems, as well as QR code scams which have surged by 1,400% in the past five years.
Tris Morgan, Managing Director for Security at BT (pictured) commented: “For SMEs, a cyber-attack isn't just an inconvenience; it poses an existential threat. The good news is that effective cyber security can incorporate the right training, basic security measures, and awareness to help SMEs reduce their risk profile.”