Cybersecurity isn’t just for big business

Posted on July 21, 2025 by Louise Howland
Why small and mid-sized organisations can’t afford to ignore cyber threats
A recent BBC report revealed that cybercriminals are targeting UK companies of all sizes, with a noticeable rise in attacks on small and medium-sized businesses. The article highlights how hackers exploit vulnerabilities in underprepared organisations, often causing widespread disruption and financial loss. One stark example is the collapse of KNP Logistics, a 158-year-old logistics firm, where one single weak password, unguarded by multi-factor authentication, allowed Russian-linked hackers to gain access, encrypt core systems and demand a ransom. The attack left the business unable to operate or secure emergency funding, ultimately forcing it into administration and resulting in the redundancy of around 730 employees.
Cyberattacks are no longer headline-grabbing hacks of multinationals; they’re often silent infiltrations of small and medium-sized businesses (SMBs), charities and startups. Criminals know that less prepared organisations make easier targets, and much can be lost, from financial assets and sensitive data to brand reputation.
At ramsac, we see this every day: the threat landscape doesn’t scale neatly with company headcount.
What the BBC story teaches us
The BBC article underscores that cybercriminals don’t need to launch major campaigns to inflict serious damage. Many smaller organisations underestimate their value to attackers; after all, hackers love low-hanging fruit. What stood out:
- High sophistication, small targets: Even a minor breach, like a stolen employee login, can snowball into ransomware, data theft or massive operational downtime.
- No business is too small: Hackers often treat SMBs as gateways into larger networks via the supply chain.
👉 The takeaway? A small organisation isn’t ‘too insignificant’ to hack; it’s just too easy.
Top 5 cybersecurity must-haves for every organisation
- Foundation: patch, firewall, backup, antivirus
  Keep systems, operating systems and applications regularly patched. Use managed firewalls and carry out daily backups, with one copy stored offline or off-site.
- Add MFA (multi-factor authentication)
  SMS or app-based two-factor protection for email, VPNs and admin pages drastically cuts the risk of account takeover. Yet only around 75% of SMBs use it, compared to 91% of larger firms (marsh.com).
- Phishing awareness training
  Humans are often the weak link. Regular staff training and simulated phishing tests build resilience, especially if delivered quarterly or bi‑annually. Over 60% of small firms see phishing as a top concern (crowdstrike.com).
- Risk assessments and supplier checks
  Understand your digital ‘attack surface’, including remote access, third-party software and cloud services. While patching is common, only ~14% of firms audit supplier cyber hygiene (cybernews.com). It only takes one weak link in your ecosystem to invite an intrusion.
- Incident response plan and cyber insurance
  Prepare for the worst. Designate roles, communication steps and data recovery procedures, then practise! Cyber insurance (adopted by 62% of small UK firms) can help cover costs like forensic investigations, legal advice and operational disruption (cybernews.com, money.co.uk).
ramsac’s bottom line
Cybercrime is not reserved for the household names on the front pages. It is a clear and present threat to every organisation, whatever your size or sector.
If you are not actively patching, deploying MFA, training your teams, managing risk and planning for incidents, you are leaving the door wide open.
At ramsac, we help organisations like yours build a robust security foundation tailored to your size and budget. Take the first step towards better cyber resilience and speak to our team today, so you can focus on growth with confidence, not fear.

