A recent study by Markel Direct, a specialist insurer for small businesses, has identified the key cyber security concerns facing small and medium-sized enterprises (SMEs) in the UK.

The survey of 500 SMEs revealed that the growing sophistication of cyber threats is the primary concern for 62 percent of business owners.

With advancements in artificial intelligence (AI) and machine learning, cyber criminals are increasingly exploiting these technologies to carry out more complex attacks. This development has heightened anxieties among SMEs, many of whom are adapting to the digital era while contending with evolving threats.

The security of remote work environments is another concern. As 23 percent of SMEs noted, the shift towards remote or hybrid working models introduces additional risks. While offering flexibility, these arrangements require robust measures to safeguard sensitive company data accessed outside traditional office settings.

Work Security Measures

According to the survey, 72 percent of SMEs ave invested in antivirus and anti-malware software, and 69 percent regularly update their system software. Other measures include multi-factor authentication, employed by 52 percent of businesses, and email filtering to reduce spam and phishing attacks, reported by 49 percent.

Virtual private networks (VPNs) are also used, with 52 percent of respondents reporting their implementation. Under half (48%) of SMEs provide training on secure remote work practices, while 46 percent enforce remote access policies and controls.

Despite these efforts, the study uncovered significant gaps. About half (49%) of SMEs admitted they would not know how to respond to a cyber attack, and 69 percent do not have a formal cyber security policy in place.

Proactive Measures

Many SMEs are taking steps to mitigate cyber risks. However, the study revealed that 43 percent of employees are not trained on best practices or potential threats, leaving organisations exposed to avoidable risks.

The study highlights areas where SMEs could strengthen their defences. Over half (53 percent) lack cyber insurance to mitigate the financial and operational impact of a breach. Additionally, 35 percent of businesses do not encourage employees to regularly update passwords, a basic yet effective preventative measure.

Data encryption is another underutilised tool, with only 44 percent of respondents reporting its implementation. Similarly, regular data backups, essential for recovery in the event of an attack, are conducted by just 46 percent of SMEs.

A Growing Threat

Rob Rees, Divisional Director of Markel Direct, said, “Staying ahead of cyber threats is crucial for small business owners, especially as AI-driven attacks continue to evolve. Having a robust cyber security policy in place can help create a framework to safeguard against ongoing threats, whilst cyber insurance can help to protect your business in the event of a targeted attack.

“Almost half of SMEs reported not knowing what to do in the event of a cyber-attack – something that can be key to mitigating its impact. This is why we provide Markel Direct cyber insurance policyholders with access to a cyber response helpline; so that expert guidance is on hand to help small business owners should they experience a cyber security incident.”