4 in 10 Small Businesses have experienced Cyber Attacks in the last year

Four in ten micro and small businesses (38 per cent) and a quarter of charities (26 per cent) report having cyber security breaches or attacks in the last 12 months.

Two in five businesses (38 per cent) and a quarter of charities (26 per cent) report having cyber security breaches or attacks in the last 12 months, according to new figures from the Government’s 2021 Cyber Security Breaches Survey.

The survey’s report also shows that despite more small business owners saying that cyber security is a high priority (77%), just 13% of smaller business are training their staff. It’s so important to keep your staff trained, the pandemic has seen more staff than ever working from home. And with 47% of staff using personal devices for work, the survey found just 33% have a VPN when remote working.

Keep digital environments secure is more challenging as organisational resources are stretched to enable home working for staff and companies are falling behind in ensuring the right cyber securities are in place. Just 31% of micro and small businesses have a cyber security policy in place, which is down from 37% in 2020.

The government is continuing to encouraging businesses, charities and educational institutions to follow the free help and guidance from the UK cyber security experts at the National Cyber Security Centre (NCSC). It includes advice on the secure use of video conferencing, secure home working and how to move your business from physical to digital. This week the CRC has updated our guidance specifically to help educators boost their cyber resilience.

We Recommend:

“The pandemic has taken an unavoidable toll on British businesses but we cannot let it disrupt our high cyber security standards. With more people working remotely it is vital firms have the right protections in place, and I urge all organisations to follow the National Cyber Security Centre’s expert guidance so we can build back better and drive a new era of digital growth.” Digital Infrastructure Minister Matt Warman

The government is clear in its support of a prosperous digital economy, with their investment of £1.9 billion to support the National Cyber Security Strategy.

How can micro and small businesses improve their cyber resilience?

It's important your staff are aware of the latest cyber security threats, we offer small businesses the chance to join us for monthly webinars. Our events calendar in the coming months is focusing on the topics of; cyber security myths, Implementing strong cyber security foundations, securing your office and understanding your digital footprint.

Your business can also encourage your staff to sign up for our free core membership which shares the latest guidance, news and security updates that have been tailored for businesses who are based in Greater Manchester and the North West.

Our Business Starter Membership which supports your business for a 12 month period also includes Cyber Awareness Training for 2 staff members (if you have a bigger team, our Business Premium Membership allows that training to be delivered to up to 8 members of staff).

It’s important your staff are educated regularly in the changing cybersecurity landscape, the CSBS survey highlighted that just 14% of businesses said they had trained staff on cyber security. Unprepared staff are at a heightened risk of being caught unaware when working from home, returning back to the office or when starting a new job.

Just 18% of micro and small businesses have heard of the NCSC’s Small Business Guide, which breaks down cyber security recommendations into individual steps, and includes response and recovery guidance which outlines how to prepare, manage, resolve and report a cyber incident if one does occur.

If you are part of the 87% of micro and small businesses that haven’t heard of Cyber Essentials, we’d encourage you to learn more about how achieving Cyber Essentials allows you to guard your organisation against the most common cyber threats and helps you to demonstrate your commitment to cyber resilience for your customers and staff.

Ready to prepare your staff with security awareness training? Contact us today to learn more.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of Cyber Resilience Centre for Greater Manchester (CRCGM) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. CRCGM provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

CRCGM does not accept any responsibility for any loss which may arise from reliance on information or materials published on this website. CRCGM is not responsible for the content of external internet sites that link to this site or which are linked from it.


Cyber Resilience Centre GM, Manchester Technology Centre, Oxford Rd, Manchester, M1 7ED

0161 706 0940


Registered in England & Wales No.12309263.



  • LinkedIn
  • Twitter
Greater Manchester Logo Light.png

© 2021 - The Cyber Resilience Centre for Greater Manchester