
Top cyber attack threats business owners need to be aware of
Cyber attacks are an increasing risk for businesses of all sizes. We outline the most common cyber threats business leaders need to look out for and some tips on how to prevent them.
‘Cyber security is now a matter of business survival and national resilience’, said Dr Richard Horne, chief executive of the National Cyber Security Centre (NCSC) in October 2025.
The NCSC deals with four ‘nationally significant’ cyber attacks every week that have a substantial impact on the UK’s national security, economy or critical infrastructure. On top of that, half of all small businesses experienced a cyber breach or attack in the last 12 months.
Types of cyber attacks
Phishing and social engineering
This is the most common type of cyber attack, with the government’s 2025 cyber security breaches survey showing that 93% of businesses and 95% of charities have experienced phishing.
Phishing and social engineering involve fraudulent messages that trick people into sharing sensitive or confidential information such as passwords and bank details.
- Phishing: fake communications, such as an email or text message, that appear to be from a reputable source and manipulate people into clicking on a malicious link and sharing information.
- Spear-phishing: targeted attacks that send personalised messages to trick the recipient into believing they are legitimate.
- Business email compromise (BEC): a scammer sends messages which look like they are from a key individual in an organisation, such as a manager or chief executive, and convinces the recipient to take actions like transferring money or sharing sensitive information.
Malware and ransomware
Malware is the collective term for any type of malicious software that gives unauthorised access to systems, allowing the perpetrator to steal information or cause damage. Types include:
- Viruses: malicious software that replicates itself by becoming attached to programs, files, or documents. It can lead to systems slowing down, corrupted files, and unwanted messages being displayed. The primary source of viruses is email attachments that release the malicious software when clicked or downloaded.
- Trojans: malicious software that disguises itself as legitimate to trick the recipient into downloading it. Unlike viruses, it does not replicate itself.
- Ransomware: a particularly damaging attack because fraudsters encrypt the victim’s systems or files and refuse to release them until a ransom is paid, usually in the form of cryptocurrency.
Although not officially confirmed by the company, experts say ransomware was one of the likely attacks behind the high-profile cyber breach of car company Jaguar Land Rover (JLR). It cost JLR alone an estimated £1.9bn, without counting the damage to those in its supply chain, and is the most economically damaging cyber event in UK history. Official figures showed it also contributed to a slowdown in UK economic growth.
Denial of service attacks
This type of cyber attack floods a computer, network or service with requests or traffic in an attempt to shut it down and make it inaccessible to users.
A denial of service (DoS) attack sends traffic from one source with the aim of crashing the system, while a distributed denial of service (DDoS) attack is more sophisticated and harder to deal with because it uses a network of multiple sources (known as a ‘botnet’) to carry out the attack.
How to combat cyber attacks
Ways to prevent cyber attacks or reduce their impact on your business include:
- Write a clear cyber security policy that outlines acceptable use, password rules, access controls, incident reporting processes, and responsibilities. This should be tailored to the nature of your business.
- Introduce annual cyber security training so you and your employees understand how to recognise cyber attacks and follow safe password practices. Government resources to help include the National Cyber Security Centre’s free cyber toolkit and the Cyber Essentials certification scheme which includes cyber liability insurance for any UK organisation with an annual turnover of less than £20 million.
- Implement multi-factor authentication (MFA) on critical business systems to reduce the risk of criminals gaining access to them. You may have used MFA yourself when accessing a bank account. MFA requires your team to submit information, typically from a second device, as well as the password in order to log in.
- Regularly update your operating systems, software, and hardware to prevent cyber criminals exploiting vulnerabilities.
- Keep offsite backups of critical business data as protection against ransomware.
For background information, there’s also a Help to Grow: Management Alumni Network webinar on the crucial role of cyber security here and another on AI and cyber security here.
With the latest Cyber Security Breaches Survey showing that 43% of micro businesses and nearly two-thirds of SMEs now hold a cyber security policy, it’s clear that more SMEs are taking prevention seriously. And with the average cost of a breach reaching £10,830 for small businesses, these measures aren’t just box-ticking.
Putting a clear policy in place and reinforcing it through regular meaningful training reduces exposure to both operational disruption and financial loss, helping businesses stay resilient in an increasingly hostile digital landscape.
