Key takeaways from the CyberSmart SME cost of living crisis report

The current economic climate has seen better days, but how are the UK’s small businesses weathering the storm? At CyberSmart, we’re curious about how the cost of living crisis has impacted cybersecurity and people in small businesses.

We tasked Censuswide with surveying 1,000 UK SMEs to find out how they’re coping. What followed is our ‘SME cost of living crisis report’. It explores:

  • How confident businesses are about weathering the economic storm
  • The financial limitations impacting businesses
  • The impact on employees
  • The key impacts on cybersecurity
  • The state of cybersecurity investments 
  • How SMEs can approach cybersecurity in the cost of living crisis

Despite economic conditions, cybersecurity in your business doesn’t need to be all doom and gloom. Our report gives you the knowledge and understanding of the current climate to proactively protect your business. To help you, here are our key takeaways from the report. 

Want to read the report in full? Get your copy here.

1. Cost-conscious businesses are looking for value

Small businesses must be cost-conscious. Careful budgeting and knowing when to invest is key to survival. And this means many small business leaders won’t invest in cybersecurity unless they know the payoff is worthwhile. 

Understanding the benefits of strong cybersecurity is key in these conditions. Without a good level of understanding, decision-makers will overlook its importance.

2. Economic uncertainty raises threat levels 

Even though businesses are overlooking the importance of cybersecurity, nearly half of UK SMEs (47%) believe they’re at greater risk of a cyberattack since the onset of the cost of living crisis. 

Economic uncertainty has led to mistrust, too. 38% of leaders are worried about malicious insider threats from employees, while 32% blame higher rates of supply chain fraud. It seems that mistrust comes from inside and outside.

This is why increasing cybersecurity protocols and governance offers real business value. It provides much-needed reassurance that business data is safe, no matter where threats come from.

3. The employee skill gap is causing mistrust

Your employees are a line of defence when it comes to cybersecurity. But you must equip them with the tools and knowledge to counter potential attacks. 

80% of respondents said that their employees do not fully understand why it is important to keep confidential information secure. And this lack of cybersecurity knowledge is the leading reason for mistrust.

The cybersecurity knowledge skills gap is a prominent factor for uncertainty. Of the 620 SME leaders who claimed to trust their employees, 25% still believe that staff pose the greatest security risk.

4. SMEs are missing important cybersecurity policies 

We noticed that a lack of trust in employees, their cybersecurity knowledge, and no clear internal policies have an underlying impact on small businesses, so we did some digging.

Only 54% of SMEs have clear policies and procedures for sharing information and gaining access to confidential information. This means that just under half of SMEs don’t have important cybersecurity policies at all.

It’s not surprising that leaders demonstrate a lack of trust in their employees, especially when there’s no guidance for the employees in the first place. Here, cybersecurity concerns appear as a vicious circle, and there’s an important gap in employee knowledge and a lack of policies.

5. Basic measures can help to protect businesses

The report reveals that fixing basic, underlying issues can help alleviate the cybersecurity concerns arising from the cost of living crisis. These issues are:

  • Lack of employee cybersecurity training and resulting cyber confidence 
  • Missing cybersecurity policies, or too few policies 
  • Misunderstanding of the value of cybersecurity tools 

Luckily, investing in cybersecurity doesn’t have to cost the earth. Instead, SMEs must be smart about their investments and increase cyber confidence for their employees.

Our report takes an in-depth look at these steps and how SMEs can implement them. These steps can help increase cyber confidence in your business and protect against cybersecurity threats.

Cyber confidence is key in the cost of living crisis

Uncertain economic conditions can make even the most stable business leaders feel on edge. Improving cybersecurity governance can help decision-makers protect their business and provide much-needed reassurance that their cybersecurity is under control. 

Read our report today to learn more about the current concerns of SMEs in the cost of living crisis, and how to mitigate cybersecurity threats.

How to reduce the cost of cybersecurity responsibly

With the economy taking a turn for the worse, you may be looking for ways to cut your business spending. However, when it comes to cybersecurity, you can’t afford to be complacent – cutting back on this could cost you more in the long run if you lay yourself open to cyberattacks. So, here we look at how you can reduce the cost of cybersecurity responsibly and stay safe online.

Risks are rising

When you consider the potential impact a cyberattack could have on your business, you want to be sure you’re protected as securely as possible. According to a study by TrendMicro, 60% of small businesses close within six months of a cyberattack. And, even if your organisation survives an attack, the cost of cybercrime can be crushing, as a study by Cisco found that 40% of small businesses hit by a severe cyberattack experienced at least eight hours of downtime.

You can’t afford to think that it won’t happen to you. Cybercrime incidents are now commonplace. According to the UK government’s Cyber Security Breaches Survey 2022, 39% of UK businesses had identified a cyberattack in the past 12 months. And those companies that reported a material outcome, such as loss of money or data, experienced an estimated average cost of £4,200. But, where only medium and large businesses were considered, this figure rose to £19,400.

Unfortunately, experts are also predicting that with the cost-of-living crisis, cyberattacks will rise even further as cybercriminals step up their efforts. And the indications are that this is already happening. According to the 2022 State of Phishing report from SlashNext, phishing attacks increased by 61% in 2022. The Anti-phishing Working Group (APWG) also reported that there were three million phishing attacks in the third quarter of the year. This was the worst quarter it had ever seen. In addition, the percentage of users affected by targeted ransomware doubled in the first 10 months of 2022, according to Kaspersky Lab.

Worried about rising IT costs? Check out our guide to protecting your business on a budget.

The cost of cybersecurity

As rates of cybercrime have gone up, so has the cost of cybersecurity that can protect your business from so many risks. Organisations therefore often find that their spending on cybersecurity is substantial. For example, the Pursuing Cybersecurity Maturity at Financial Institutions report by Deloitte and the Financial Services Information Sharing and Analysis Center revealed that banks, insurance companies, investment managers, and other financial services companies spend between 6% and 14% of their IT budget on cybersecurity. This is approximately 0.2% to 0.9% of company revenue.

In light of these risks, how do you cut the cost of cybersecurity for your business responsibly without suffering severe consequences? When considering cost-cutting in this area, it’s vital that you strike a sensible balance between saving money and safeguarding your business. Thankfully, there are various measures you can take which will protect your business while keeping the cost of cybersecurity down.

Assess, prioritise and manage risks

The key to cutting the cost of cybersecurity responsibly is to assess, prioritise and manage risks. If your business has been operating for a while, the first step is to take stock of what tools are already in place. There may be some duplication, which you can remove to start making savings. You could also consolidate tools and use more automation, to improve efficiency without impacting your level of cybersecurity protection. 

It’s impossible to guarantee 100% protection from every threat, but you can focus on limiting the most likely ones. One risk it pays to address is the threat of phishing attacks. Data shows that 91% of all cyberattacks start with a phishing email, so prioritise your defences against this. Phishing is a type of social engineering attack, whereby a cybercriminal sends a message intended to trick the recipient into revealing sensitive data or downloading malware. So, ensuring that your employees receive good cybersecurity awareness training will reduce the chance of these attacks succeeding. This can be a relatively low-cost cybersecurity measure and sets your staff up as a human firewall to safeguard your business.

It’s vital to protect your business network, but having an in-house IT team to manage your cybersecurity can be expensive, so you could explore the alternatives, such as deploying a comprehensive cybersecurity solution. For example, with CyberSmart Active Protect, you can protect every device in your business, around the clock, with no need for an in-house team, expensive tools, or specialist expertise. This also provides the invaluable cybersecurity staff training you need to strengthen your defences.

Step up your cyber hygiene

Another important step you can take to keep your business secure and the cost of cybersecurity down is to boost your cyber hygiene. This involves adopting rigorous, proactive procedures to protect against cyber threats, such as:

Backing up all data

Ensure all data is backed up to a secondary source, such as cloud storage, to help prevent your information from being lost in a security breach. This may sound obvious, but it’s often overlooked.

Using good password management

Use unique, complex, and regularly updated passwords. You could also consider using a password manager app to generate new ones each time and store them safely.

Updating your software

Regularly review and update all your software to ensure you’ve got the latest protection against security threats.

Limiting access

Only give login details to employees for the systems they really need access to, and limit admin-level access to those who must have it. This can help prevent any employee-related security issues.

Providing company devices

Avoid letting employees use their own devices, if possible. It gives you more control over where your data is and keeps you safe if an employee leaves your business.

Free online guidance

If you run a small business and want to improve your cybersecurity without breaking the bank, check out the National Cyber Security Centre’s Small Business Guide: Cyber Security. This offers practical, affordable advice. 

It explains simple measures you can take to protect your organisation from malware, such as ensuring that your firewall is switched on. It’s important that you have secure internet connectivity, and this creates a ‘buffer zone’ between your network and external networks. This is a straightforward step to take, as most popular operating systems now include a firewall.

Further free and invaluable advice, more appropriate for medium and large businesses, on how to build strong cybersecurity is also available via the National Cyber Security Centre’s 10 Steps to Cyber Security.

Cyber Essentials certification

Finally, if you want to keep the cost of cybersecurity down as responsibly as possible, you should gain Cyber Essentials certification. This is a cost-effective, UK government-backed scheme which covers everything your business needs to do to protect itself from cyberattacks. Simply by being certified, you can reduce your cyber risks by up to 98.5%.

This could also bring welcome new business your way, as it’s a great way to demonstrate to new customers that you take cybersecurity seriously. It also gives you the ability to bid for government tenders that require Cyber Essentials certification. What’s more, if you gain your certification with us, you get £25k free enhanced cyber insurance, for added peace of mind.

Cautious cost-cutting

Reducing the amount you spend on cybersecurity responsibly is possible, but should be carried out with caution. However, with the right know-how, you can keep expenditure down and ensure your business has the strong cybersecurity protection it needs.

Want to know more? Discover how to protect your business on a budget in our cost of living crisis guide.

Budgeting for SMEs – why you should put cybersecurity first


Most of us hate budgeting. Sure, we all know an accountant who lives their life by the iron law of the spreadsheet. But, for most people, budgeting is just a tiresome task that’s necessary for the nitty-gritty of daily life. 

The same thing applies to running a small business. While we might not enjoy it, maintaining a sensible budget is often the difference between running a successful SME and joining the 60% who fail in their first five years.

But while we’re all aware of the need for balanced books, there’s one aspect of budgeting that doesn’t often figure highly in SMEs’ plans. Cybersecurity. Here’s why your defences against cyber threats should be as important to your budget as OPEX or CAPEX. 

Budgeting for a changing world 

Change is part of a business. And every business, big or small, exists in a state of flux. When you think about it, it’s simply the natural order of things. Many of the technologies and business functions that are now crucial to modern organisations were niche concerns as recently as twenty years ago. Likewise, many things that were once considered indispensable are now close to obsolete. 

A great example of this is printing. Pre-internet, written communication between branches or with customers and suppliers was costly and time-consuming. Essentially, businesses were given a choice of print and fax or print and post – and this was seen as a totally necessary expense. 

Fast forward 30 years and few businesses print much beyond contracts and brochures. Printing is rightly seen as wasteful, environmentally destructive and unnecessary.  

Yet, while businesses have been quick to discard old methods, they’ve been slow to start thinking about cybersecurity in the same way as more traditional expenses.

Why don’t we include cybersecurity in our budgeting? 

So why don’t many of us take cybersecurity as seriously as we should? It can’t be that the risks aren’t high enough. A 2019 study revealed that over 50,000 UK SMEs would collapse if hit by a cyberattack. And, 1.4 million businesses were hit by major attacks last year, costing them a combined £8.8bn.

Nor is our apathy towards cybersecurity necessarily down to cost. According to Offix, the average business spends £579 per person, per month on printing expenses. Yes, you read that right. Printing; the process we just described as almost obsolete. 

If we take the average SME with a staff of ten employees and multiply that figure by 12, that’s £5,790 per person, per year. For a business of the same size to invest in Cyber Essentials Plus certification and the CyberSmart platform for one year, the cost is £3,397.

Not only is that a saving of £2,393, it would also provide complete peace of mind that the business was protected from 98.5% of cyber threats. 

So if neglecting cybersecurity isn’t a value-based decision, what’s driving it?

Why do we view cybersecurity differently?

It’s actually very simple. Although the need for good cyber hygiene becomes more pressing every day, our perceptions of cybersecurity lag behind. Many SMEs view cybersecurity as complex, confusing and expensive. Something better left to big companies with big budgets. 

It’s not difficult to understand why people feel this way. There’s long been a ‘cyber privilege gap’ between large enterprises who can afford teams of experts, expensive consultants and the latest tech and everyone else. But, SMEs can no longer afford to invest the minimum and pray they don’t get attacked. 

Attacks against SMEs are on the rise. And it’s being compounded by COVID-19. VMware’s recent report reveals 91% of businesses have seen an increase in cyber attacks as a result of employees working from home.

What can you do to better protect your business? 

Despite the perception that proper protection is out of reach for many SMEs, it doesn’t have to be.

CyberSmart Active Protect is built for SMEs. It offers a simple, step-by-step journey to securing your business – with no need for cyber expertise or extra expense. We’ll assess how you’re currently doing with a free cybersecurity healthcheck. Then, once we know where you’re at, we’ll guide you all the way through to achieving security you and your customers can rely on. 

In short, CyberSmart enables your business to: 

  • Protect itself 24/7 with regular checks of all company devices
  • Ensure your people and anyone accessing your data is working safely and cyber aware, with shareable security policies and protected devices – whether company or employee-owned
  • Prove to customers and suppliers you’re cyber secure by completing government-standard cybersecurity certifications

In our troubled times, SMEs face a fight against the odds to stay afloat. It’s estimated as many as 600,000 could shutter their doors for good in 2020. But surviving doesn’t have to mean spending big. Instead, it’s about spending smart. And that starts with cybersecurity.

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.
