Government Urges SMEs to ‘Lock the Door’ on Cyber Criminals
The UK government is urging businesses – particularly small and medium-sized enterprises (SMEs) – to “lock the door” against cyber attackers, following new research showing the scale and cost of online threats.
Government figures reveal that cyber attacks now cost UK businesses an estimated £14.7bn a year, with half of all small firms experiencing a cyber breach or attack in the past 12 months. While many large organisations are investing heavily in cyber security, ministers say smaller firms must now strengthen their own defences.
The new awareness drive centres on the government‑backed Cyber Essentials scheme, which sets out clear, practical steps that organisations can take to protect themselves – including keeping software up to date and limiting who has access to accounts and data.
New Survey Shows Extent of Cyber Incidents
Findings from DSIT’s Longitudinal Study
Alongside the campaign, the Department for Science, Innovation and Technology (DSIT) is publishing the latest results from its Cyber Security Longitudinal Survey.
Key findings include:
- 82% of medium and large businesses experienced a cyber incident in the past year.
- 77% of charities reported at least one incident over the same period.
The longitudinal survey was first conducted in 2021. The report published today, 16 February 2026, presents findings from the fifth wave of the study. The survey fieldwork took place between June and August 2025, with follow‑up interviews conducted between September and October 2025.
According to the executive summary, the research explored:
- The types and frequency of cyber incidents
- Uptake of government cyber security products
- Cyber security policies and processes
- Budget allocations
- Behaviour change and attitudes towards cyber security
In addition, other government research being cited in support of the “lock the door” campaign indicates that cyber incidents cost businesses an average of £195,000. The Cyber Security Breaches Survey 2025 further confirms that half of all small businesses suffered a breach or attack in the year to mid‑2025.
Cyber Essentials Adoption on the Rise – but Supply Chains Lag
Growing Engagement with Cyber Essentials
The Cyber Security Longitudinal Survey shows encouraging progress on adoption of the Cyber Essentials scheme:
- The proportion of businesses adhering to Cyber Essentials rose from 23% to 30% in the past year.
- Among charities, adherence increased from 19% to 28%.
DSIT has also reported that organisations certified under Cyber Essentials made 92% fewer cyber insurance claims last year than those without it, suggesting a clear risk‑reduction benefit.
Supply Chain Security Still a Weak Link
Despite these improvements, the survey highlights significant weaknesses in supply chain security:
- Only 28% of businesses and 26% of charities carried out any formal assessment of their suppliers’ cyber security in the past 12 months.
- Organisations “generally lacked awareness about cyber security incidents in their supply chains, acknowledging they likely happen without their knowledge.”
This suggests many SMEs and charities may be indirectly exposed to cyber threats through third parties, even if their own internal defences are improving.
Ministers and Experts: ‘No Business Is Too Small to Be a Target’
Liz Lloyd: Cyber Risk Is Business Risk
Liz Lloyd, Parliamentary Under‑Secretary of State at DSIT and the Department for Business and Trade, and a member of the House of Lords, stressed that SMEs must not assume they are beneath the notice of cyber criminals:
“No business is out of reach from cyber criminals. SMEs play a vital role in our economy, and business owners work incredibly hard to build something valuable, but too many still assume cyber criminals only go after big brands. The reality is criminals look for easy opportunities, and without basic protections in place, any business of any size can become a target.
I know smaller firms don’t have large IT teams, and that is exactly why Cyber Essentials matters. It provides a straightforward checklist to lock the door on cyber criminals, without needing specialist expertise. Cyber risk is business risk, just like fire or theft, and the protections are just as essential.”
NCSC: Attackers Look for Weakness, Not Logos
Developed by the National Cyber Security Centre (NCSC) in partnership with DSIT, Cyber Essentials focuses on five fundamental controls:
- Firewalls and internet gateways
- Secure configuration
- Software updates (patch management)
- User access control
- Malware protection
Richard Horne, Chief Executive of the NCSC, echoed the warning that small organisations are not beneath attackers’ notice:
“Many small business owners assume their business is too small to be on cyber criminals’ radar, but in reality, we know most attackers don’t care about size, reputation or logos – they are looking for opportunity and weaknesses.
Small businesses do not need to go to the ends of the earth to put baseline cyber security measures in place, as the Cyber Essentials scheme can help them take practical steps today. I urge all businesses to implement the five key security controls to help protect themselves against the most common, damaging online threats.”
‘Lock the Door’ – A Simple Message with Serious Implications
The government’s new campaign frames cyber security in familiar terms: if you would not leave your physical premises unlocked, you should not leave your digital systems wide open either.
For SMEs – who often lack dedicated IT teams and operate on tight margins – the message is that basic, affordable measures can dramatically reduce the risk of costly incidents:
- Keeping software and devices updated
- Using strong, unique passwords and multi‑factor authentication
- Limiting access to sensitive data on a “need‑to‑know” basis
- Installing and updating antivirus and anti‑malware tools
- Reviewing supplier and partner security
At a time when cyber crime is costing UK businesses billions, the “lock the door” campaign is a reminder that prevention is far cheaper than recovery – and that small organisations are very much on attackers’ radar.
We have created Professional High Quality Downloadable PDF’s at great prices specifically for Small and Medium UK Businesses our main website. Which include various helpful Cyber related documents and real world scenarios your business might experience, showing what to do and how to protect your business. Find them here.
