Close Menu
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing & Mental Health
  • Marketing
  • HR & Recruitment
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
X (Twitter) LinkedIn YouTube
Trending
  • New Accountancy Practice Helps SMEs Turn Financial Clarity into Business Growth
  • Next generation of Lionesses at risk, as girls’ grassroots football chronically underfunded
  • Don’t pay the ransom: Warning to organisations to protect themselves from ransomware attacks as more than 320 businesses affected last year
  • You’ve been using Excel wrong this whole time
  • A Champion of Business, Networking and People
  • Are Businesses Paying More to Go Green? Energy Experts Weigh In
  • Lender Launches £5,000 Grant To Champion SME Growth
  • Compliance is the biggest barrier to companies engaging with freelancers 
X (Twitter) LinkedIn YouTube
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing
  • Marketing
  • HR & Recruitment
  • Travel
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • Twitter
  • LinkedIn
  • YouTube
  • RSS
You are at:Home»Technology»Why it’s essential SMEs boost security measures beyond Cyber Essentials+
The Encryption Revolution for Credit Scoring

Why it’s essential SMEs boost security measures beyond Cyber Essentials+

1
Posted By sme-admin on July 29, 2025 Technology
Author: Glen Williams CEO at Cyberfort
Author: Glen Williams CEO at Cyberfort

With cybersecurity being a priority in every boardroom, SME business leaders are particularly pressurised, with lower budgets than their larger counterparts. Threat levels are high, with as many as 43% of businesses and three in ten charities experiencing some kind of cyber security breach or attack in the last 12 months.

Beyond resources, there could also be another key barrier to SMEs taking adequate cybersecurity action. It seems friction amongst leadership is creating a divide in business with lack of a CISO or cybersecurity representative at board level being common. This cavalier approach may leave companies wide open to successful breaches.

In fact, the UK Government Cyber Security breaches 2025 report reveals that board level responsibility for cyber security at company director level has decreased from 38% to 27% over the last four years. Despite almost three quarters (72%) of business respondents seeing cyber security as a ‘high priority’ it indicates a clear disconnect between the board responsibilities required and cyber security reality that puts the entire business at risk.

While security professionals are fluent in technical jargon or threat models, their business leader peers talk about bottom-line impact, and board-level implications. The effect on strategy is that critical security concerns may be downplayed, misunderstood or, at worst, ignored.  This means keeping up with the latest strategies to counter threats is essential.

The risk of cybersecurity complacency at board level

 With more CISOs stepping away from the boardroom, and in an increasingly active and intelligent cyber threatscape featuring ransomware and highly targeted social engineering attacks, it’s likely that their board director peers aren’t qualified to step up to the ownership of cyber security responsibilities.

AI-driven threats are introducing new challenges for the development of overall corporate security policy. AI requires a different approach to cyber security than the traditional cyber security methods employed. Security policies will need to be reviewed and revised on a regular basis, to ensure the safe and responsible use of AI within an organisation to protect its biggest assets – data and people.

Added to this, Cyberfort’s own customer research has revealed a concerning complacency – that many businesses consider a Cyber Essentials Plus (CE+) certification sufficient to keep their organisation secure and fulfil board requirements. With high profile breaches continuing to dominate the media agenda, this is a high-risk strategy.

Limitations of CE+

 The cybersecurity needs of today’s business have superseded the Government-backed certification scheme launched in 2014, Cyber Essentials Plus (CE+), which was recommended as the minimum standard of cyber security for organisations. Although CE+ covers basic areas which might previously have been sufficient to counter cyber risks – patch management, access control, malware protection, secure configuration, and boundary firewalls – it lacks information on real-time threat detection and response, which is an essential tool for the earliest threat detection.

CE+ wasn’t designed to protect organisations against advanced persistent threats (APTs), targeted attacks, or any evolving techniques by criminal groups, which are so prevalent today. According to the UK Information Commissioner’s Office (ICO), over 80% of successful cyber incidents begin with phishing, yet CE+ has no requirements around simulated phishing or awareness training beyond general advice.

Costs and consequences of gaps in protection

There are some serious risks for SMEs investing in and relying on CE+ alone. To start with, there are hefty fines payable for non-compliance, with the average ICO fine for a serious cyber incident in the UK being £153,722 in 2024.

Insurers are also upping their demands, with some underwriters insisting on evidence of 24/7 monitoring and incident response plans to stay covered. Business partnerships are also becoming dependent on a company’s cybersecurity posture, with rising expectations of ISO 27001 or sector- specific certifications such as NHS DSPT or PCI-DSS compliance.

With significant risks and responsibilities to protect a business’ data and people, it is essential to have information security representation at board level. Research by the World Economic Forum shows that those organisations that have strong executive involvement in cybersecurity are 400% more likely to repel or rapidly recover from an attack.

The consequences of a breach in terms of reputational and financial damage can’t be ignored. Hiscox’s 2024 Cyber Readiness Report reveals that almost half (47%) of organisations struggled to attract new customers following a successful cyber attack. The costs and recovery time can also be extensive. In 2024, the average ransomware incident led to 21-24 days of downtime and cost $2.73 million, according to NinjaOne.

 Five ways to elevate cybersecurity protection

 In taking the following cybersecurity measures, SMEs will have the best chance of being protected in the event of a cyber attack:

 Real-time threat detection and response – The use of Security Operations Centres (SOC), Security Information Event Management (SIEM) platforms, and Endpoint Detection and Response (EDR) are the most effective ways to counter a cyber attack.

  • Phishing and social engineering resilience – This is the only way of outsmarting social engineering attacks where emails are highly personalised and look like they are coming from a known person.
  • Cloud and hybrid environment protection – CE+ still assumes a traditional network perimeter, ignoring many risks associated with modern SaaS, IaaS, and BYOD environments. The complexities of growing ecosystems are allowing vulnerabilities to grow.
  • Business continuity and incident response planning – Almost unbelievably, there is no requirement under CE+ to prove you can recover from a ransomware attack or data breach. Inclident response planning is the only way to fully understand potential risk.
  • Third-party and supply chain risk – Attackers often access their targets through exploiting third party vendors or contractors. As CE+ does not assess or govern these relationships, it’s up to each business to engage with their supply chain to fully understand risk levels.

Key steps that cyber security leaders must take

 To ensure a cohesive and effective cybersecurity strategy that can counter today’s cyber threats and stay compliant, information security decision-makers must take four key actions:

  1. Ensure board-level oversight of cyber risk through regular briefings, KPIs, and executive ownership
  2. Commission an independent cyber risk assessment that goes beyond Cyber Essentials+
  3. Invest in detection and response capabilities – whether in-house or outsourced
  4. Adopt a recognised security framework such as the NCSC’s Cyber Assessment Framework, NIST Cyber Security Framework(CSF) 2.0, or ISO 27001

 Ensuring strategies align to today’s cyber threats

With AI introducing a new complexity to cybersecurity threats, business leaders must keep up with the latest tactics, such as advanced detection capabilities, to identify threats as they arise. This means going beyond CE+ and adopting new tools and measures aligned to their risk levels.

While CE+ is a strong starting point for SMEs, it’s not enough. Business directors and cyber security teams must unite to elevate their security approach and defend what’s theirs in an increasingly hostile threat landscape.

Author: Glen Williams CEO at Cyberfort

 

 

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Don’t pay the ransom: Warning to organisations to protect themselves from ransomware attacks as more than 320 businesses affected last year

Fintech Revenues Hit $650B Globally But Europe Is Still Leaving Money on the Table

Why weak passwords are a bigger business risk than you think

1 Comment

  1. Pingback: Why it’s essential SMEs boost security measures beyond Cyber Essentials+ - Cyberfort

Follow SME Today on Linkedin and share all the topics you find interesting
Porsch Reading – Find Your Perfect Business Partner
Mastermind9
Events Calendar
    July 9, 2026 8:30 am

    The AI Edge Masterclass

    November 26, 2026 10:00 am

    South West Expo Swindon

  • Marketing
June 25, 2026

How Brands Can Rank in AI Search Without Buying Ads

June 23, 2026

How To Market A Restaurant

  • Finance
July 9, 2026

New Accountancy Practice Helps SMEs Turn Financial Clarity into Business Growth

July 8, 2026

Are Businesses Paying More to Go Green? Energy Experts Weigh In

  • People
July 8, 2026

A Champion of Business, Networking and People

June 20, 2026

It’s Award Season For The Fd Consultant!

  • Health & Safety
June 29, 2026

Health & safety violations costing British firms £44m annually

March 16, 2026

Health & Safety Trends To Look Out For In 2026

  • Events
June 29, 2026

Great British Expos Postpones South West Expo Due to Extreme Heat Forecast

June 16, 2026

Why Every SME Needs an AI Strategy — Not Just AI Tools

  • Community
June 19, 2026

Founders charity dinner set to raise funds for epilepsy care

June 17, 2026

Award-Winning Charity Launches New Initiative To Connect Local Organisations

  • Food & Drink
June 23, 2026

How To Market A Restaurant

June 23, 2026

From Corporate Comfort to Cultural Opportunity: The Bunta Beer Journey

  • Books
June 2, 2026

Build a Business So Good You’d Be Mad to Sell It

January 21, 2026

The CEO Mirage: Exposing the hidden traps that take smart leaders down

The Newsletter

Join our mailing list for the best SME stories, handpicked and delivered direct to your inbox every two weeks!

Sign Up
About

SME Today is published by the same team who deliver The Great British Expos’. We have been organising various corporate events for the last 10 years, with a strong track record of producing well managed and attended business events across the UK.

Join Our Mailing List

Receive the latest news and updates from SMEToday.
Read our Latest Newsletter:


Sign Up
X (Twitter) YouTube LinkedIn
Categories
  • Books
  • Business
  • Community & Charity
  • Education and Training
  • Environment
  • Events
  • Features
  • Finance
  • Food and Drink
  • Health & Safety
  • HR & Recruitment
  • In Profile
  • Legal
  • Marketing
  • News
  • People
  • Property & Development
  • Sponsored Content
  • Technology
  • Transport, Travel & Tourism
  • Wellbeing & Mental Health
Magazine Information
  • About SME Today
  • Editorial Submission Guidelines
  • Advertising
  • Privacy
  • Contact
Copyright © 2025 SME Today.
  • About SME Today
  • Editorial Submission Guidelines
  • Advertising
  • Privacy
  • Contact

Type above and press Enter to search. Press Esc to cancel.

Subscribe Now!

Sign up for a FREE subscription and receive the latest news, features and updates from SMEToday:

I am interested in:
 

Thank you for subscribing to SME Today! We're thrilled to have you join our community. To complete your subscription, please check your email and click on the confirmation link. If you don’t see the email in your inbox, be sure to check your spam or junk folder. We look forward to sharing exciting news, updates, and exclusive content with you!

Join our mailing list to receive the latest news and updates from SMEToday
Read our Latest Newsletter: