search icon
Back

Digital Newsroom

How to protect your business from cyber threats

New research shows that small and medium-sized businesses (SMBs) recognise the risks of being targeted by cyber criminals – but, for many of them, finding the time and resources to implement an effective cyber security strategy can be a major challenge. We look at the steps SMBs can take to enhance their cyber resilience in the face of the growing threat from criminals using AI.

By Chris Torney

While cyber attacks on major companies like Jaguar Land Rover and Marks & Spencer get the lion’s share of media coverage, small and medium-size businesses can be just as vulnerable. We look at how to protect your firm from current and future threats.

Recent research commissioned by Sage shows that while small and medium-sized businesses (SMBs) are largely aware of the potential threats posed by bad actors, many remain exposed to cyber security risks.

The report, titled SMBs in the Age of AI: Navigating cyber complexity and building resilience and conducted by IDC, found that 52% of SMBs around the world say that investing in cyber security is strategic priority for the coming year. But worryingly, a similar percentage report that they have been subjected to some form of cyber attack or data breach in the past 12 months.

The smallest companies appear to be the most vulnerable: just 13% of micro businesses (those with fewer than 10 employees) and 21% of small businesses (between 10 and 99 employees) say they take a ‘proactive’ approach to cyber security. Only half (50%) of all SMBs carry out phishing simulations, and barely a third (36%) train staff consistently or test incident response plans.

Meanwhile, the rapid development of artificial intelligence (AI) technology has increased the cyber security pressured faced by SMBs: AI has made it significantly easier for criminals to target businesses of all kinds. However, 81% of SMBs say they are either unable to handle AI threats or are only in the early stages of preparing a cyber security strategy that accounts for AI.

UK Cyber Security Minister Baroness Lloyd adds: “Small and medium-sized businesses are under growing pressure from cyber threats, and AI is making that challenge more urgent. But strong cyber resilience does not always mean expensive or complicated action. It starts with getting the basics right.”

So what steps should business owners and management teams be taking to protect against cyber threats?

Understand that staff are your first line of defence

“Criminals do not always need sophisticated technical attacks,” says Jonathan Benton, CEO & founder of technology and forensic investigation company iSanctuary. “They are looking for opportunities to exploit people, processes and trust. What we are seeing increasingly is the use of AI to make scams more convincing. Phishing emails, fake invoices and impersonation attempts that were once easy to spot are becoming much harder to distinguish from legitimate communications.”

Benton explains that staff need to be trained to challenge unusual requests, and says payment processes should include independent verification, with multi-factor authentication (MFA) used wherever possible. “Most successful frauds exploit a lapse in process rather than a failure of technology,” he says.

“Smaller businesses should be a team sport, not just an IT problem,” adds Dray Agha, senior manager of security operations at cyber security platform Huntress. “Start with the simple stuff, like making sure everyone uses strong passwords and double-checking logins. Most importantly, chat with your team regularly about how to spot scam emails and messages.”

Enhance resilience with limited resources

In the face of rising costs and increasing bottom-line pressure, finding extra cash to deal with cyber threats can be a challenge. “But small businesses don't need a team of cyber experts on payroll,” Agha points out. “Instead, focus on doing the basics really well. Carve out a small, regular slice of your budget to keep your software updated and your data backed up, rather than buying flashy tools you don't have the time to use. Where you can invest in cyber security training, please do so, it's the single best investment you can make.”

“For smaller businesses, cost-effective external support is also readily available,” says Sarah Bone, co-founder of secure communication service YEO Messaging. “The UK’s National Cyber Security Centre offers free guidance, and schemes such as Cyber Essentials provide a practical framework to strengthen protection without requiring specialist expertise.”

Agha adds: “If you don't have an IT whizz on staff, partnering with an external IT support company can be an affordable way to have an expert watch your back while you focus on running your business.”

Address AI risks

The emergence of AI-powered threats has increased the pressure on SMBs to look at potential cyber vulnerabilities. Bone says: “Criminals are now using AI to easily create more convincing phishing emails, fake voices and even impersonation attempts that appear to come from trusted colleagues or suppliers.”

Jorge Monteiro, CEO of the AI cyber security company Ethiack, adds: “For many companies, especially SMBs without big IT security budgets, the battle against AI-driven cyber attacks is not a fair fight..”Monteiro says one option is to move away from the traditional, reactive approach to cyber safety: “Organisations must move away from periodic testing of their cyber defences to adopt continuous, AI-driven security validation. Ethical, autonomous AI tools are becoming mainstream as companies realise they need the same automation and adaptability as that being used to attack them.”

For micro-businesses, Sage and IDC believe an effective AI-focused cyber security policy might include establishing basic monitoring of AI services and carrying out basic AI security checks on software vendors – selecting solutions that are trustworthy and committed to security. 

Ultimately, cyber security is no longer just about protecting a business from risk. It is about creating the confidence to grow, innovate and adopt new technologies. As AI continues to transform the way businesses operate, SMBs that embed good security practices into everyday operations will be better placed to take advantage of new opportunities while building trust with customers, employees and partners.