Government urges businesses to “lock the door” on cyber criminals

Appearing across social media, podcasts, radio and business networks, the campaign aims to reach SMEs and encourage them to engage with the Government’s Cyber Essentials scheme, which sets out clear and practical steps they can take to protect themselves from the most common cyber attacks.

Such steps include keeping software up-to-date and controlling who has access to accounts and data in order to immediately boost cyber resilience. Many cyber incidents exploit these basic weaknesses. Cyber Essentials is designed to safeguard against them.    

The campaign emerges as new figures detail the scale of the threat facing businesses at present. Significant cyber incidents cost an average of £195,000, while it’s estimated that circa 50% of all small businesses have suffered a cyber breach or attack episode in the last 12 months.   

Last year, 92% fewer insurance claims were made by those organisations with Cyber Essentials in place. Proof-positive that the scheme works. This form of certification can also help businesses win Government contracts, while eligible firms are able to access free cyber insurance (including a 24/7 emergency Helpline provided by the dedicated Cyber Essentials delivery partner).  

With cyber episodes estimated to cost UK businesses a staggering total sum of circa £14.71 billion per annum, the campaign will help to protect the growth that’s fundamental for job creation, improving living standards and the funding of public services.

Easy opportunities

Cyber Security Minister Baroness Lloyd stated: “No business is out of reach of the cyber criminals. SMEs play a vital role in our economy, while business owners work incredibly hard to build something valuable, but too many still assume cyber criminals only go after the bigger brands. The truth of the matter is that criminals look for easy opportunities and, without basic protections in place, any business of any size can become a target.”  

Baroness Lloyd continued: “We know full well that smaller firms don’t have large IT teams. That’s precisely why Cyber Essentials matters. It provides a straightforward ‘checklist’ to lock the door on cyber criminals without needing any form of specialist expertise. Just like fire or theft, cyber risk is business risk and the protections are every bit as essential. We urge businesses to take action now and adopt Cyber Essentials.”

Developed by experts at the National Cyber Security Centre (NCSC) and the Department for Science, Innovation and Technology (DSIT), Cyber Essentials focuses on five key protections: firewalls, secure configuration, software updates, user access control and malware protection.

In essence, Cyber Essentials affords businesses clear and practical steps to follow, in turn helping them to demonstrate to customers and suppliers alike that they take the topic of cyber security very seriously indeed.  

For many firms, a single significant attack could be the difference between staying in business and closing the doors forever. As such, and in order to help businesses on their cyber security journey, the Government’s campaign highlights several free tools and resources as follows:     

*Cyber Essentials Readiness Tool: an online self‑assessment to identify gaps  

*free 30‑minute consultations with NCSC‑assured cyber advisors for those SMEs preparing to meet Cyber Essentials certification  

*the chance to preview the Cyber Essentials ‘Question Set’ for free (the ‘Requirements for IT Infrastructure’ can be used alongside to help businesses identify if they’re ready for certification)

New research  

New research has just been published that reveals the scale of the cyber threat facing UK businesses more broadly. The Cyber Security Longitudinal Survey highlights that 82% of medium-sized and larger businesses have suffered a cyber incident in the past year. This reinforces the truism that no business, regardless of size, is out of reach of the cyber criminals.

More organisations are recognising the benefits of taking action. The adoption of Cyber Essentials among larger companies has risen from 23% to 30%, reflecting a growing understanding of the need for basic cyber protections. With uptake improving among larger firms, there’s clear momentum, but more needs to be done.

This new Government campaign is targeted at smaller businesses, encouraging them to adopt baseline protections like Cyber Essentials, thereby strengthening supply chain security, while in tandem supporting SME resilience, business continuity and long‑term growth.

NCSC CEO Dr Richard Horne observed: “Many small business owners assume their company is too small to be on the cyber criminals’ radar. In reality, we know that most attackers don’t care about size, reputation or logos. Rather, they’re looking for opportunity and weaknesses. Small businesses don’t need to go to the ends of the earth to put baseline cyber security measures in place as the Cyber Essentials scheme can help them take practical steps now.”

Horne concluded: “I strongly urge all businesses to implement the five key security controls designed to help protect them against the most common and damaging online threats.”

Alongside this campaign, the Government is strengthening cyber resilience across the economy through the Cyber Security and Resilience Bill. The latter will update and strengthen the UK’s cyber resilience framework for essential and digital services and key suppliers, helping to protect the services people rely on every day: from energy and water to healthcare and Data Centres.

Ultimately, stronger defences throughout supply chains will reduce the risk of disruption from cyber attacks and assist in keeping vital services running.

Industry reaction

Andy Ward, senior vice-president of international business at Absolute Security, commented: “Our recent research found that 53% of Chief Information Security Officers expect a significant cyber attack within the next 12 to 18 months, while almost one-fifth of organisations have experienced operational disruptions lasting up to two weeks, with most of them facing up to five days of downtime. The reality of the situation is that cyber attacks are unavoidable and often result in costly downtime as well as wider operational and financial impacts.”

Ward went on to state: “Cyber resilience is about preparedness and having clear visibility, strong response protocols and robust recovery plans in place to restore systems quickly and minimise downtime. It also requires secure and policy-driven network access that ensures only trusted users and devices can connect to critical systems. This serves to reduce exposure and contain risk before disruption spreads.”

In conclusion, Ward explained: “When core services are disrupted, the ability to isolate issues, regain control and maintain operational continuity is critical. As threats evolve, organisations must ensure they can withstand disruption. Campaigns like this one from Government help raise awareness and drive practical action.”