This site uses cookies to improve your browsing experience and analyse use of our website. By clicking ‘I accept’ you agree and consent to our use of cookies. You can find out more about our cookies here. Find out more

Here, there and everywhere: the cyber threats facing small businesses

Peter Richardson

When cyber-attacks and data breaches hit the news, they invariably involve the largest businesses or national institutions like the NHS.  But this doesn’t mean small businesses are not under threat too.  Every business, regardless of size or industry sector, is at risk.  

Moore accountants work closely with small businesses and want to make sure they are fully aware of the threats they face every day, in the ordinary course of business.  You do not need to be doing anything particularly sophisticated to be at risk.  Simply clicking a link in an email can leave you vulnerable to a data security breach. 

Part of the challenge lies in the fact that hackers and cyber criminals do not just target specific companies with their attacks.  Many forms of malware (malicious software) can trawl the internet looking for vulnerable websites and computers.  No one needs to have a specific grudge against you.  That said, a ‘malicious insider’ – a member of staff disgruntled for some reason – is also a risk that can never be fully ruled out. 

Moore’ latest research, entitled ‘Here there and everywhere: the cyber threats facing OMBs’ reports on the levels of awareness that owner managed businesses have regarding the various threats facing them and the steps they are taking to counter these threats. 

Detailed below are some of the key findings from their research of business leaders across the UK: 
•    Malicious code (83%), computer viruses (82%) and phishing email scams (80%) are the key threats that owner managed businesses (OMBs) are aware of and which pose the biggest threat to their business; 
•    In total, 41% of OMBs have already suffered from either a cyber-attack or an inadvertent data loss. 
•    68% of small business leaders recognise their current cyber prevention isn’t sufficient. 

Around one in five (19%) of the OMBs Moore surveyed say they are aware of cyber and data privacy threats but are ‘not too worried.’ Given the nature of the threat, they should be.  

What is really important now is that all businesses take the basic and essential steps to establish and maintain their cyber-attack and data loss defences – setting policies, maintaining controls and training staff.  No defences can be 100% secure, but they can go a long way toward preventing breaches and the unnecessary costs, business disruption and damaged reputations that follow.  

It’s a huge concern that 31% of OMBs in the survey are aware of cyber and data privacy threats but say they don’t know what action to take.  Advice is widely available and even free.  A useful source of help is the government-endorsed Cyber Essentials scheme (see  If professional expertise is needed, then it’s best to look for specialists in cyber-attacks and data loss (whether to help with prevention or recovery), rather than assuming general IT service providers have the necessary expertise.  

Now is the time for businesses to take action, review all areas that could be at risk and prepare robust defences.  Taking action to address the many threats and risks should be a high priority for all - after all, 40% of small businesses like you have already been victims. 

A full copy of the Moore report can be found at To discuss any of the findings of the report, please contact Moore (South) LLP on