UK small and medium-sized businesses are being warned to urgently strengthen their cybersecurity measures amid a growing wave of politically driven cyberattacks linked to escalating global tensions, particularly the Iran-Israel conflict.
The warning follows a recent Sky News investigation that uncovered a surge in cyber incidents targeting UK companies across various sectors. At the NATO Summit this week, Prime Minister Sir Keir Starmer called on businesses of all sizes to “take immediate steps to review and strengthen their defences.”
Experts say the warning may come too late for some. Clinton Groome, CEO of cybersecurity and IT services firm Espria, cautioned that neutral businesses are increasingly seen as low-risk, high-impact targets for cyber threat actors.
“As global conflicts escalate, attackers are exploiting digital vulnerabilities with growing frequency,” Groome said. “Waiting for government alerts is no longer an option. Businesses need to take the initiative now.”
While much of the focus is on digital infrastructure, Groome stressed that people, not just systems, are at the heart of an organisation’s defence. Human error remains the top security weakness, yet cyber awareness training is still lacking across the SME sector. Research from BT shows that nearly 39% of UK SMEs — approximately two million firms — have yet to offer any formal cybersecurity training to staff.
“Attackers are banking on fear, distraction, and confusion to breach systems,” Groome warned. “Cybersecurity starts with awareness. Before investing in software, organisations need to empower employees to recognise and respond to threats.”
He recommended that SMEs implement organisation-wide awareness initiatives such as simulated phishing campaigns, response drills, and regular cyber hygiene refreshers. The aim, he said, is to foster a security-conscious culture where employees feel confident reporting suspicious activity.
Groome also flagged the upcoming end of support for Microsoft Windows 10 in October as a critical vulnerability, urging businesses to migrate to Windows 11 to avoid being left exposed to unpatched threats.
Key technical safeguards include multi-factor authentication (MFA), timely system updates, and securing Internet of Things (IoT) devices. He further emphasised the need for “cyber observability” — monitoring systems in real time to detect anomalies like suspicious logins or repeated MFA requests.
“Security is a team sport,” Groome said. “Siloed systems can’t defend a business. Integrated, real-time insight can.”
Acknowledging that many SMEs lack the internal resources to implement comprehensive security solutions, Groome encouraged partnerships with managed service providers to fill the gap.
“Cyber resilience is essential for survival,” he said. “With the right tools, training, and expert support, SMEs can protect themselves in an increasingly hostile digital landscape.”
