Vodafone is urging the UK government to back the recovery of small and medium-sized enterprises (SMEs) after the pandemic by introducing stronger cybersecurity policies and support measures.
A report commissioned by Vodafone and published today reveals that nearly one in four SMEs—approximately 1.3 million businesses—say they would be unable to continue operating after a significant cyberattack. The findings highlight how many small businesses remain vulnerable after the economic disruption caused by the pandemic.
Anne Sheehan, Business Director at Vodafone UK, warned:
“Cyberattacks are an existential threat to Britain’s small businesses, yet nearly a third have no cybersecurity strategy in place. As SMEs move more of their operations online, it’s essential they take the necessary steps to protect themselves—and that the Government increases support to help them do so. The UK needs successful, resilient small businesses.”
Beyond immediate financial losses and the cost of fixing systems after an attack, data breaches can lead to significant regulatory fines and long-term reputational damage that undermines customer trust and future sales. The report estimates the average cost of a successful cyberattack at £3,230.
Nearly 23 percent of SMEs surveyed said a cyberattack of that average cost would force them to close; another 16 percent said it would likely require staff layoffs, while 23 percent said it would deplete their financial reserves. Only 22 percent said a loss of that magnitude would not materially affect their business.
Attempts to compromise businesses are becoming more frequent: 31 percent of respondents reported an increase in cyberattacks since the UK entered lockdown in March 2020. Overall, more than four in ten SMEs (41%) experienced a cyber incident in the past 12 months, and one in five said they had been targeted six or more times.
Simon Fell, Chair of the All-Party Parliamentary Group on Cybersecurity, commented on the report:
“This new report from Vodafone shows that businesses often lack awareness of the cybersecurity risks they face, the protection they need to mitigate them, and the resources to withstand them. SME cybersecurity is not a niche issue affecting a few entrepreneurs—it is a matter of national economic resilience.”
After a shock like the pandemic, firms often hesitate to invest. However, underinvesting in essential areas such as cybersecurity can have catastrophic consequences for an SME’s survival. To help make protection more accessible and affordable, Vodafone proposes several policy measures for government consideration:
- Introduce a reduced five percent VAT rate on cybersecurity products to lower upfront costs for businesses.
- Increase funding for the National Cyber Security Centre (NCSC), suggesting a five percent uplift to improve SME-focused protections and guidance.
- Boost research and development budgets for cybersecurity product innovation, with targeted investment in research centres in the North and Midlands.
- Include a dedicated section on SME protection in the next National Cyber Security Strategy to ensure small-business needs are prioritized.
These recommendations aim to reduce financial barriers and broaden access to practical security measures, helping SMEs recover from the pandemic without facing further disruption from cyber incidents that could lead to layoffs or permanent closure.
Interested in hearing industry leaders discuss topics like this? Consider attending events that bring together experts in networking, IoT, blockchain, AI, big data, and cybersecurity, where the latest strategies for protecting businesses and critical infrastructure are debated and shared.