Vodafone Business has presented a series of policy recommendations to the UK government, aiming to address the pressing issue of inadequate cybersecurity measures that are costing UK SMEs a significant amount of money annually. According to Vodafone’s report titled “Securing Success: The Role of Cybersecurity in SME Growth,” published on April 7, 2025, the financial impact of cyber-attacks on small businesses in the UK is substantial, with an average cost of around £3398 ($4370) per attack. This figure increases to £5001 ($6425) for companies with over 50 employees.
The report also highlighted the rise in cyber-attacks against SMEs, with 35% of businesses falling victim to at least one incident in 2024. Additionally, more than a quarter (28%) experienced between one and five attempted attacks, and 6% were targeted up to 10 times within a year.
Vodafone’s research revealed concerning trends in cybersecurity practices among UK SMEs. A staggering 52% of SME employees received no cybersecurity training, while 32% of businesses had no cybersecurity protections in place at all. Furthermore, 38% of SMEs invest less than £100 a year in cybersecurity, and 60% allow employees to use their own IT equipment when working remotely. These lax security measures have led to a significant number of cyber-attacks, with phishing being the most common threat faced by 70% of SMEs, followed by ransomware, DDoS attacks, and water holing.
In response to these findings, Vodafone Business has put forward a set of policy recommendations to the UK government to improve cybersecurity measures for SMEs. One of the key recommendations is to enhance the Cyber Essentials scheme, which Vodafone believes is not effectively reaching UK SMEs. The company suggested that awareness initiatives should engage SME owners during critical business activities, such as tax submissions and employee data reporting, to ensure comprehensive cybersecurity compliance.
Moreover, Vodafone called for tax incentives to encourage cybersecurity investment among SMEs, including R&D tax credits and full expensing for plants and machinery. The company emphasized the need for simplified access to tax reliefs for cybersecurity software and hardware through the establishment of a dedicated capital allowance.
In addition to these recommendations, Vodafone proposed greater public-private partnerships to facilitate knowledge sharing between larger and smaller firms, enabling SMEs to benefit from dedicated risk management schemes.
As part of its efforts to support SMEs in enhancing their cybersecurity measures, Vodafone is offering a complimentary one-month trial of CybSafe, a cybersecurity platform designed to educate and train staff on handling potential cyber threats. This trial includes access to essential modules focused on increasing employee confidence in identifying and mitigating risks such as phishing and ransomware attacks.
In conclusion, Vodafone’s policy recommendations underscore the importance of proactive measures to enhance cybersecurity resilience among UK SMEs. By implementing these suggestions, the government can help small businesses protect themselves against cyber threats and mitigate the significant financial losses incurred due to inadequate security measures.
Sources:
– Original Post URL: https://www.infosecurity-magazine.com/news/vodafone-urges-uk-cybersecurity/