The Verdict’s in: SMEs are Better at Cyber Defence than Big Businesses

Historically, small and medium-sized businesses have been disproportionately impacted by cybercrime compared to larger companies. In fact, just three years ago, 96% of all cyber-attacks targeted SMEs.[1] This is likely due to cybercriminals noticing that smaller companies had limited defence resources compared to bigger companies, giving them a greater chance of a successful breach.

While the picture is no longer quite so dire for SMEs, recent government data shows an even more surprising shift. According to the Government’s cyber breaches security survey 2025, there were significantly fewer cyber-attacks against SMEs (42%) compared to last year (49%) – a nearly 7% reduction. The same can’t be said for medium (64%) and larger (74%) businesses, which reduced only by a few points each.

Clearly, SMEs are doing something right – but what?

While there are no hard and fast explanations, the survey pulls out strong management as a possible reason, noting that ‘organisations with active senior leadership demonstrated more robust security strategies.’

At the same time, the survey notes two things that, together, may be a cause for concern. The first is that there’s a downward trend in businesses who are aware of the Government’s Cyber Aware campaign, and the second is that SMEs are increasingly reliant on external cyber consultants for information.

While external consultants are an essential and invaluable resource for SMEs, particularly those unable to recruit for a role internally, they aren’t a replacement for developing your own cyber strategy. A truly effective cyber defence has to start from within your business. That means fostering a culture of cyber alertness in your workforce, informing your business processes, and staying ahead of the latest cyber developments.

When you drive a car, you wear a seatbelt. You just do.

In the same way, if you run your own business, you need cyber insurance.

That’s because even businesses who do everything right can still be victims of a cyberattack, and the consequences can be as severe as losing your business. What’s more, in the cyber world, there’s simply no such thing as being ‘ahead’, as hackers are constantly honing and developing their techniques to breach more and more successfully.

That’s why insurance is crucial to your cyber defence strategy.

Cyber threats are constantly evolving, and small businesses are often the most vulnerable. Everywhen specialises in helping businesses like yours navigate these complex risks.

Contact us today to discuss how cyber insurance can help your small business: 0330 162 9107.

[1] BIBA - A guide to cyber insurance-2022 - Page 7