The Verdict’s in: SMEs are Better at Cyber Defence than Big Businesses

Historically, small and medium-sized businesses have been disproportionately impacted by cybercrime compared to larger companies. In fact, just three years ago, 96% of all cyber-attacks targeted SMEs.[1] This is likely due to cybercriminals noticing that smaller companies had limited defence resources compared to bigger companies, giving them a greater chance of a successful breach.

While the picture is no longer quite so dire for SMEs, recent government data shows an even more surprising shift. According to the Government’s cyber breaches security survey 2025, there were significantly fewer cyber-attacks against SMEs (42%) compared to last year (49%) – a nearly 7% reduction. The same can’t be said for medium (64%) and larger (74%) businesses, which reduced only by a few points each.

You can’t (entirely) outsource your cyber defence

Clearly, SMEs are doing something right – but what?

While there are no hard and fast explanations, the survey pulls out strong management as a possible reason, noting that ‘organisations with active senior leadership demonstrated more robust security strategies.’

At the same time, the survey notes two things that, together, may be a cause for concern. The first is that there’s a downward trend in businesses who are aware of the Government’s Cyber Aware campaign, and the second is that SMEs are increasingly reliant on external cyber consultants for information.

While external consultants are an essential and invaluable resource for SMEs, particularly those unable to recruit for a role internally, they aren’t a replacement for developing your own cyber strategy. A truly effective cyber defence has to start from within your business. That means fostering a culture of cyber alertness in your workforce, informing your business processes, and staying ahead of the latest cyber developments.

Staying ahead of the hackers?

When you drive a car, you wear a seatbelt. You just do.

In the same way, if you run your own business, you need cyber insurance.

That’s because even businesses who do everything right can still be victims of a cyberattack, and the consequences can be as severe as losing your business. What’s more, in the cyber world, there’s simply no such thing as being ‘ahead’, as hackers are constantly honing and developing their techniques to breach more and more successfully.

That’s why insurance is crucial to your cyber defence strategy.

Cyber Insurance with Towergate

Cyber threats are constantly evolving, and small businesses are often the most vulnerable. Towergate Insurance specialises in helping businesses like yours navigate these complex risks.

Contact us today to discuss how cyber insurance can help your small business: 0330 162 9107.

Sources

[1] BIBA - A guide to cyber insurance-2022 - Page 7

About the author

Marc Rocker, Head of Cyber has been with Towergate for over 15 years advising commercial clients of all sizes on their business insurance needs.

As Head of Cyber Insurance, Marc has responsibility for ensuring that the advice and products that Towergate provides meet clients’ needs. Marc is a member of the British Insurance Brokers’ Association (BIBA) cyber technical committee.

Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems, we recommend that professional advice be sought.