Small and medium-sized enterprises (Smes) Employing Number of People in the UK, and are especially vulnerable to cyber attack, often feeling on their own.
In a Session at this week's infosecurity europe 2025 Conference in London, Steven Furnell, Professor of Cyber Security at Notingham University, will relay the findings of a research project called Cycos – Cyber Communities of Support – A Collection Between Nottingham and Queen Mary and Kent Universities, Supported by a Variety of Partners Including The Home Office, The National Cyber Security Center, IASME, ISME, ISC2, Ciisec and Three Regional Cyber Resilience Centers.
Basing themselves on Figures from the Federation of small businessesThe Cycos Researchers Say that 5.5 Million Smes Constitute 99.9% of UK Businesses, Employing 60% of the Workforce. Many outsource their security – 56%, according to the cyber security breaches survey of 2024.
The Cycos Project Started in September 2023 and is due to Finish in February 2026.
Its Initial Research Efort Took The Form of a Survey of 374 UK Smes. It found that 23% Had Difential Finding Cyber Security Advice and Support, 26% Found Such Advice Hard to Understand, and 20% found it hard to put it into effect.
One Cycos Respondent called
The researchers also spoke to over 30 provides of advice. From that, they also allicated some verbatim feedback. One Said: “Certainly with the smes, [engagement] is off the back of an incident. They're certainly not very proactive, because, frankly, they've got other business pressures ”. Another said:” What we're actually see on the street is a very basic Cyber Hygiene, “A third stated:” This idea of having some sort of bridge, where smes are alive to find us, and likes we can find itd them… Being more collaborative with others, is suishwa wish was a litter. “
Barrier to entry
In the session at infosecurity europe 2025, furnell will say that which will a wealth of information is potentially available available to smes, even Navigating the landscape can represent a barrier to entry. This has the cleared potential to impact them, but it can also have a Cascading impact on larger organisations where smes form part of their essential supply chains, as they ofteen do.
In a pre-conference interview with computer weekly, furnell said smes “someimes thoughts thought they were very much alone in this. Money.
“They recognize cyber security should be on their ageda and is on his radar,” He said. “But they've got constraints and challenges that prevent them from dealing with it. No big news here, but they don't have the same level of Resourns of Time, Expertise and Money.”
The research project ends in February 2026. Paper in computers and security“Investigating the experiences of providing cyber security support to small and medium-sized enterprises”.
In the paper, they conclude: “There is a vast amount of cyber security related content aimed at smes, and our findings reveal provides are playing an assisted, an assistantanding, education and immersion of Cyber Security Defense.
Additionally, Smes have low knowledge levels and are hamphed in their efforts due to comprehension, capability, attitudes and resources whilst provides factor When deliverying this support. “Insights from Data Reveal Several Opportunities for Improvement Can Be Realized Through the Creation of Security-Focused Communities that Can Provide Support, Collection and Learning,”
The Practical Goal of the Cycos Project is to Help establishment communities of support
“What We're Trying to do with the Communities of Support Idea is Bring Smes and Providers Togeger to Make it Feel More Like a Peer Community, Particularly Amongst the Sms
“So, if they're wanting to get advice from the Horse's Mouth of somebody else who's experience an attack, they can ask an sme in their region, or perhaps in their sector or smes sitting in the suply Chain. “
Furnell is speaking along Institute of Information Security, At Infosecurity Europe on Wednsday 4 June,