Vodafone Enterprise has made numerous coverage suggestions to the UK authorities, together with enhancements to the Cyber Necessities scheme and tax incentives for cybersecurity, after revealing that insufficient cybersecurity measures price UK SMEs £3.4bn ($4.4bn) yearly.
Vodafone discovered that the typical price of a cyber-attack for a small enterprise is round £3398 ($4370), with this determine rising to £5001 ($6425) for firms with over 50 workers.
These findings are a part of Vodafone Enterprise’ Securing Success: The Function of Cybersecurity in SME Development report, printed on April 7, 2025.
Vodafone Enterprise famous that cyber-attacks towards SMEs have surged in recent times and 35% had been victims to at the very least one incident in 2024.
Greater than 1 / 4 (28%) suffered between one and 5 tried assaults, whereas (6%) had been focused as much as 10 instances in a yr.
Cybersecurity Points Amongst SMEs
Vodafone’s analysis confirmed that 52% of UK SME workers acquired no cybersecurity coaching and 32% of SMEs had no cybersecurity protections in place in any respect.
In the meantime, lower than £100 a yr is invested in cybersecurity by 38% of SMEs and 60% of SMEs permit workers to make use of their very own IT gear when working from dwelling.
A fifth of distant employees have been focused by cybercriminals and 15% of SME workers have been banned from working from dwelling due to the danger of falling sufferer to a cyber-attack.
The commonest cyber-attacks SMEs ought to think about defending towards embody phishing, with 70% of corporations experiencing this prior to now yr, ransomware, distributed denial-of-service (DDoS) assaults and water holing.
Vodafone Points Coverage Suggestions to UK Authorities
Vodafone Enterprise issued a number of coverage suggestions to the UK authorities to make sure that cybersecurity instruments are scalable and reasonably priced for all SMEs.
The coverage suggestions included a lift to the Cyber Native funding scheme, which has a restricted attain and Vodafone commented that only some profitable grants focused SMEs. In January, 2025, the UK authorities introduced £1.9m ($2.3m) in authorities and personal sector funding for 30 Cyber Native initiatives throughout England and Northern Eire
Vodafone additionally known as for a overview of the Cyber Necessities program, final up to date in 2022, which it stated was not sufficiently reaching UK SMEs. Consciousness schemes ought to interact SME house owners throughout key enterprise actions, equivalent to tax submissions, worker information reporting, or new enterprise registrations, Vodafone famous. For SMEs with over 50 workers, necessary compliance could possibly be built-in into present reporting obligations.
The corporate additionally known as for tax incentivization for cybersecurity funding by instruments like R&D tax credit and full expensing for vegetation and equipment.
Noting the complexity of funding of cybersecurity software program below present capital expenditure definitions, Vodafone advocated for the institution of a devoted capital allowance for cybersecurity that covers each {hardware} and software program would simplify entry to tax reliefs.
Lastly, the corporate known as for higher public/non-public partnerships, which permit smaller corporations to realize insights from bigger corporations with devoted threat administration schemes as an example.
Vodafone is now providing SMEs a complimentary one-month trial of CybSafe. The trial model grants important entry to the platform’s training and coaching sections, that includes numerous modules designed to extend workers confidence in dealing with potential cyber threats, equivalent to phishing or ransomware assaults.
