Reasons Why 2 Million SMEs Have No Cybersecurity Training

A joint study by BT and Be the Business reveals that two in five (39%) SMEs, equivalent to two million businesses, have not arranged cybersecurity training for their teams, despite four in ten (42%) small businesses having experienced a cyberattack in the last 12 months, increasing to two in three (67%) for medium-sized companies.

Severe implications for SMEs

The impact can be profound, costing companies considerable money and time to recover from an attack. 

On average, micro and small businesses have to pay £7,960 (US$10,825) to cope with their most disruptive breach when it resulted in damage, according to the latest Government survey.

What are the main threats?

The most common attack SMEs face is phishing, with email scams targeting 85% of UK businesses. 

Ransomware incidents, meanwhile, have more than doubled in the last 12 months, rising from affecting less than 1 in 200 businesses last year to 1 in 100 in 2025. 

A separate report by BT reveals large businesses that are more proactive with their cybersecurity are more likely to grow than those that aren’t. It showed that these “cyber agile” companies have a 20% higher growth rate, on average.

BT increases support for SMEs

In response, BT is enhancing its security product suite with the launch of dedicated security training to help SMEs understand the practical steps they can take to protect themselves against potential breaches and cyber attacks. 

The training educates small businesses about next-generation threats, including the role of AI and quantum computing. It also highlights the rise of attacks, including account takeovers, where stolen customer credentials are used to breach systems, as well as QR code scams – or “quishing” attacks – which have surged by 1,400% in the past five years.

Tristan Morgan, Managing Director for Security at BT, comments: 

“At BT, our mission is to enable UK businesses to grow and prosper and we know the challenges SMEs face protecting themselves from growing cyber threats. These often include budget constraints and the lack of a dedicated cyber team, but for SMEs a cyber attack isn't just an inconvenience; it poses an existential threat.

“The good news is that effective cybersecurity doesn't require corporate-grade resources. With the right training, basic security measures and awareness, SMEs can dramatically reduce their risk profile.

“The key is recognising that, in today's digital landscape, cybersecurity is not a luxury but a foundation that enables companies to face forwards confidently, rather than forever looking over their shoulder.”

Further BT research findings: 

• The biggest cyber concern for 18% of UK SMEs is the threats posed by AI. Seven in ten business leaders (69%), however, are considering using AI tools to protect themselves.
• About half (46%) of business leaders turn to industry experts for cybersecurity advice, more than any other source.

Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today.

Cyber Magazine is a BizClik brand