MANCHESTER, UK / ACCESS Newswire / December 1, 2025 / Cyber security experts are warning that small organisations should treat cyber risks as a core business threat, not just an IT issue. Business leaders are being strongly encouraged to make cyber resilience top of their list of New Year's resolutions to ensure that they have covered the basic elements of cyber protection.

Limited budgets, lean staffing and increased reliance on cloud-based software are creating the perfect storm for cyber criminals who are shifting their tactics toward smaller, easier to target organisations.

A new Microsoft report found that over 70% of human-operated ransomware attacks target organisations with fewer than 1,000 employees. On top of that, recent research from BT found that two in five (39%) of SMEs - a whopping two million organisations in the UK - have not organised any cyber training for their employees.

The research from BT also found that the average cost of the most disruptive cyber breach for small or micro businesses is £7,960 and can take months to recover from.

Cyber experts found that three trends that are converging to make 2026 particularly risky for smaller organisations:

• AI-powered and automated cyber attacks: Cybercriminals are increasingly using automation and generative AI to scale phishing, social engineering and ransomware attacks, making scams harder to detect and more convincing to employees.

• Expanding digital footprints: More small businesses now rely on cloud services, SaaS platforms, and remote work tools, creating more entry points for criminals.

• Third-party and supply-chain exposure: A growing proportion of breaches in small firms are linked to vulnerabilities at external suppliers or IT providers, rather than direct attacks on the business itself.

DI Dan Giannasi, head of cyber and innovation at the North West Cyber Resilience Centre (NWCRC), part of a national network of centres across England and Wales, said: "2026 is shaping up to be a defining year for cyber security for smaller businesses and organisations. Cyber criminals often target smaller businesses, education or charities as they know they are an easier target, and can often be within the supply chain for larger organisations.

"Small businesses and other organisations are the backbone of our economy. As a police-backed organisation, we are asking them to take proactive steps now, in order to protect themselves against cyber breaches throughout 2026.

"Small businesses cannot afford to see cybersecurity as optional or an IT department issue. Protecting against potential threats such as phishing and ransomware are absolutely essential and should be viewed as a business critical mission."

Practical steps for small businesses and organisations in 2026

Cyber security specialists recommend that small businesses prioritise practical actions in 2026 including:

Invest time on regular staff cyber awareness training:
Educate employees about phishing attempts, social engineering and other cyber attack entry points as human error is a key factor in most successful attacks.

Install MFA wherever possible:
Implement multi-factor authentication (MFA) on all business accounts where possible, remove unused or old accounts and restrict admin rights where necessary. MFA can block 99% of unauthorised attempts making it the most important protection for any business.

Password hygiene:
Ensure your employees know how to use strong passwords that are unique for every account. They should use a password management tool, such as 1Password, where possible.

Ensure backups and recovery plans:
Maintain and regularly test secure, tested backups so the business can recover quickly from any ransomware or data loss. Also ensure you have a full Incident Response Plan which outlines all of the steps that should be taken in the event of a cyber breach or attack.

Review suppliers and partners:
Assess the security practices of outsourced IT providers, cloud platforms, and other third parties that handle sensitive data or critical services.

For more information about cyber resilience for businesses and organisations, visit www.nwcrc.co.uk.

MEDIA CONTACT

Name: Carolyn Hughes
Company: Breathe PR
Email: carolyn@breathepr.co.uk
Website: https://www.nwcrc.co.uk

SOURCE: The North West Cyber Resilience Centre