Why SMBs Must Prioritise Cybersecurity: Lessons from Recent UK Retail Attacks

Recent cyberattacks on major UK retailers like Marks & Spencer, Co-op, and Harrods have highlighted that no organisation is immune to cyber threats. While these incidents involved large corporations, they serve as a crucial reminder for small and medium-sized businesses (SMBs) to assess and strengthen their cybersecurity measures.

The Misconception: “We’re Too Small to Be Targeted”

A common belief among SMBs is that their size makes them less attractive to cybercriminals. However, this misconception can lead to complacency. In reality, SMBs often lack the robust security infrastructures of larger organisations, making them easier targets.

According to the UK’s Cyber Security Breaches Survey 2025, 42% of small businesses experienced phishing attacks in 2024, and 67% of medium-sized businesses faced similar threats. Even this figure seems low, a similar survey by BackupVault on its own customers shows almost 95% have been subject to phishing attempts.

SMBs as Gateways in Supply Chain Attacks

Cybercriminals increasingly exploit SMBs as entry points for larger supply chain attacks. By compromising a smaller business with weaker security, attackers can infiltrate connected networks, leading to broader breaches. These attacks are particularly insidious, as they often go undetected until significant damage has occurred.

Real-World Impacts: The Cost of Cyberattacks

The recent attack on Marks & Spencer disrupted online orders, a revenue stream generating £3.8 million daily, and led to a £700 million drop in market value. Similarly, Co-op faced operational disruptions and admitted to data breaches affecting customer and employee information. These incidents underscore the financial and reputational damages that cyberattacks can inflict.

Proactive Measures for SMBs

To mitigate cyber risks, SMBs should consider the following steps:

1. Implement Robust Data Backup Solutions: Regularly backup critical data (including servers, VMs, Microsoft 365, Google Workspace) to secure, off-site locations. This ensures business continuity in the event of data loss or ransomware attacks. Ensure that the backups are immutable and cannot be changed or altered.
2. Adopt Cybersecurity Best Practices: Utilise strong passwords, enable multi-factor authentication, and keep software up to date to protect against common threats. The National Cyber Security Centre is an excellent resource to help SMBs improve their security posture.
3. Educate Employees: Conduct regular awareness training sessions to raise awareness about phishing scams and other cyber threats. Often, the easiest way for an attacker to breach a network is simply to sweet-talk an employee to give away vital information.
4. Consider Cyber Insurance: Whilst insurance cannot prevent a breach, the financial pain can be mitigated. Costs such as customer notification, legal fees, restoration and disaster recovery can be paid for.
5. Develop an Incident Response Plan: Prepare a clear action plan to respond swiftly to security breaches, minimising potential damages. Ensure that your Business Continuity and Disaster Recovery plans are up to date.
6. Invest in Enhanced Security Services: A basic firewall and antivirus are now not enough. Invest in EDR/MDR solutions for complete visibility. The latest MDR can also advise on weak points within a cloud-based environment, such as 365 or Google Workspace. Learn more about Endpoint Detection and Response.

Conclusion

Cyber threats are an ever-present risk, regardless of a company’s size. SMBs must recognise their vulnerabilities and take proactive steps to safeguard their operations. By prioritising cybersecurity and implementing comprehensive data backup strategies, businesses can enhance their resilience against potential attacks.

BackupVault: Helping SMBs Stay One Step Ahead of Cyber Threats

At BackupVault, we recognise that cybersecurity is no longer optional—especially for small and medium-sized businesses. Our comprehensive backup, detection, and training solutions empower SMBs to defend against evolving threats, reduce downtime, and protect critical data. Together, we can build stronger, more resilient businesses prepared for today’s digital challenges.