• Home Insights Are rising cyber threats to businesses on your radar?
24 Oct 2025

Are rising cyber threats to businesses on your radar?

In recent years, the rapid adoption of digital technologies, the rise of remote work and increasing reliance on interconnected systems have left many small and medium-sized enterprises (SMEs) exposed to increasing cyber threats.

Cybersecurity did not feature as a risk on the McKinsey Risk Report in 2010. Compare that to 2021, and cybersecurity risk was of greater concern than financial, regulatory, geopolitical, competition and Covid risks. Cyber risk is increasing exponentially.

Threats to SMEs

Ransomware remains one of the most formidable threats. Cybersecurity firm Sophos reported that 66% of SMEs experienced a ransomware attack in the past year. The financial and operational impact of these attacks can be devastating, often leading to prolonged downtime and significant losses. In some cases, major cyber breaches cause small companies to close.

Phishing attacks remain a prevalent threat, with cybercriminals employing increasingly sophisticated tactics. These attacks exploit human vulnerabilities, tricking employees into divulging sensitive information or clicking on malicious links. Attacks are becoming more convincing and technologies such as AI are making it easier for the attackers.

SMEs often rely on third-party vendors and suppliers, without performing appropriate due diligence procedures, potentially increasing their exposure to an attack.

Technical vulnerabilities remain a critical concern. Unpatched software and systems can serve as entry points for cybercriminals. A study by the Ponemon Institute revealed that 60% of data breaches in SMEs were linked to unpatched vulnerabilities. Effective patch management is, therefore, essential.

Mitigating the risks

To safeguard against these threats, SMEs must adopt a proactive approach to cybersecurity. A valuable first step is to consult with an external cyber assurance team. These experts can help identify key risks, commensurate with your industry and risk profile.

By leveraging their expertise, SMEs can develop a tailored cybersecurity strategy that addresses their unique needs. This can be tailored over time to match growth aspirations.

Key areas to consider after performing an organisational risk assessment commonly include:

  1. Regular security awareness training and phishing simulations – reducing the risk of human error
  2. Implementation of multi-factor authentication across all organisational data and services
  3. Frequent vulnerability scanning, and an effective patch management programme to reduce susceptibility to technical attacks
  4. Practicing incident response procedures – it’s a question of when it happens, not if it happens. Always best to be prepared

To sum up, as SMEs continue to navigate the complexities of the digital age, the importance of robust cybersecurity measures cannot be overstated. The threats are real, and the stakes are high.

By staying informed, conducting annual risk assessments, seeking independent assurance, investing in the right technologies and fostering a culture of cybersecurity awareness, SMEs can mitigate the risks and help to safeguard their future.

For those seeking expert guidance, PKF Francis Clark has a specialist team dedicated to helping SMEs. Our assurance services are designed to reassure boards and trustees, ensuring that your organisation is taking appropriate steps against cyber threats.

Phil Osgathorpe

Director and head of IT audit and cyber security
View profile

Is your business protected against rising cyber threats?

Fill out the form to request a tailored cybersecurity audit and take the first step toward peace of mind.

This field is for validation purposes and should be left unchanged.
GDPR permissions

Latest news

Colleagues in their office discussing an important matter.

Business leaders’ confidence in 2026: stable, stretched and still investing

16 June 2026

Read
Paul Ridgers, Rebecca Rees-Green, Emily Clark and Mitch Floyd-Walker at RH Advertising

RH Advertising transitions to employee ownership with support from PKF Francis Clark

16 June 2026

Read
An aerial view of Rokewood Nursery, near Wisbech

Administrators of Rokewood Ltd seek buyer for Norfolk horticultural site

9 June 2026

Read
A man buying a snack from a vending machine at a railway station

PKF Francis Clark supports Decorum Vending on acquisition of PG Group Vending

5 June 2026

Read

SRA announce two key changes to the SRA Accounts Rules & safeguards

4 June 2026

Read

A new era for farm inheritance: is now the time to act?

4 June 2026

Read
A group of six people in a modern office setting having a meeting around a glass conference table. One person is standing and speaking, while the others are seated and listening attentively.

Foreign branch exemption to become mandatory from 2027

1 June 2026

Read
A group of people sitting around a conference table engaged in a discussion. One person is standing, while three others are seated with laptops, notebooks, and coffee cups in front of them.

Succession planning: why consider an employee ownership trust?

28 May 2026

Read
A large group of office workers seated in a boardroom all turn to face a female colleague who is smiling and gesturing animatedly as she talks.

The Fair Work Agency: Key updates and employer guidance for a year of transition

27 May 2026

Read

Challenges and opportunities for Independent Schools

26 May 2026

Read

How B Corp™ certification actually works

26 May 2026

Read
An ambulance outside a building

Administrators secure sale of Bristol ambulance company BAEMS Ltd, safeguarding services and jobs

22 May 2026

Read