UK SMEs have experienced a surge in daily cybersecurity warnings over the last year, according to a new report.
The volume of cyber security warnings rose from 597 in 2023 to 815 in 2024 – up 37% – found research from cybersecurity provider Censornet.
Security professionals are being left with just 87 seconds to review each security incident and decide what is a genuine threat.
Private sector organisations were hit harder by the tsunami of cyber threats, receiving 18% more alerts than their public sector counterparts. As threat levels rose, IT teams also showed signs of shrinking – the mean size of each security team at the beginning of 2024 was 2.63 people, slightly down from 2.7 people in 2021.
The findings – based on insights from 200 UK-based IT and security leaders – revealed that cyber incidents are hitting SMEs from all sides, with two in five taken offline. For one in seven of those, the outage lasted more than a day.
Data loss hit almost two in five SMEs, a 13% jump since 2021, while nearly a third also lost data due to user error in the last 12 months and 27% lost data due to disgruntled employees.
One in five fell victim to ransomware, with a third paying out after a ransomware attack. The average payout stood at £139,368. One in five were subjected to a regulatory fine as a result.
Security professionals regularly work out of hours to keep up, with 38% called at night and 34% having their holiday interrupted.
A third feel unable to cope. The unsustainable workload risks UK SMEs suffering from significant financial, operational and reputational damage, with only 60% of alerts fully investigated.
“Cybersecurity professionals are working hard to discern genuine threats from noise – sacrificing sleep, holidays, and career stability,” commented Ed Macnair, CEO of Censornet. “With SMEs forming the lifeblood of the UK economy, it’s imperative to simplify and bolster their resilience against rising cyberthreats, leaning into new technologies, such as AI, to help.”