Devastating cyber attacks on big businesses like Jaguar Land Rover and M&S attract the big headlines. But according to the latest research, it is the small to medium enterprises (SMEs) that are hit more often, with SMEs accounting for 81% of all UK businesses that are victims of cyber attacks. According to the UK government’s annual Cyber Security Breaches Survey 2025, 42% of small businesses and 67% of medium-sized businesses experienced a cyber attack or breach in the last 12 months.
The cyber attack on transport firm KNP serves as a stark warning to others. One weak password was all it took for a ransomware gang to bring down the 158-year-old company, with the loss of 700 jobs. Understanding the reasons behind the figures can help SMEs minimise their cyber risks. Smaller businesses are vulnerable for three key reasons: complacency, lack of IT expertise and underinvestment. Small business owners have a false sense of security and poor cybercrime prevention measures because they believe they are too small to be targeted. They may lack dedicated IT security teams, expertise, or the budget to implement the right digital security measures. A lack of a formal cybersecurity policy and incident response plan can also leave businesses at risk.
However, one of the biggest cyber risks can also be a company’s biggest strength: its people. Phishing attacks, in which individuals are conned into giving criminals passwords or other sensitive information, account for 85% of identified breaches. Sophisticated hardware and software security means that it is now easier to “hack a human” than a computer system.
Training is the key to effective cyber defence
Effective training is essential in the battle against cybercrime. A rolling programme, where employees are kept up-to-date with the latest threats and best cyber safety practices, can help keep businesses protected. Digital safety measures, such as 2-factor authentication, software updates and proper password use must be understood and workable for everyone in the teams using them.
Emily Lowe, our Head of Technology and Projects, explains why cyber training for teams is so important: “In January 2025, we rolled out company-wide training, giving all colleagues the opportunity to improve their knowledge and competence around emerging cyber threats – some of which we, like many businesses, had already been targeted by. Throughout 2025, we’ve seen a significant shift in colleagues’ awareness of cyber risk, and the feedback we’ve received has been overwhelmingly positive.”
Protecting your supply chain against a cyber-attack
But it can never be a case of “once-and-done” when it comes to dealing with cybersecurity. Businesses must be proactive, as criminals seek to exploit human and system weaknesses for political or financial gain. The truth is that, however big the firm, cybersecurity comes down to the individual. Companies must make sure that everyone in the business, whatever their role, is fully equipped with the knowledge and tools they need to protect themselves in the battle against cybercrime.
Choosing a Cyber Essentials Plus certified transport and storage partner, like Invo Fulfilment, means that your partner has digital security measures in place. If your supply chain is only as strong as the weakest link, it pays to choose a fulfilment partner that you can trust. You can find out more about Cyber Essentials and stay up-to-date on key issues on the National Cyber Security Centre’s website.