Cyberattacks are no longer limited to major corporations, small and medium-sized businesses (SMEs) across the UK, including here in the East Midlands, are increasingly being targeted.
New research from Vodafone Business reveals that UK SMEs lose a staggering £3.4 billion annually due to poor cybersecurity. And closer to home, the East Midlands is far from immune; 29% of SMEs in the region reported experiencing a cyberattack last year, with the average cost per incident reaching £1,559.
This week, high street giant M&S confirmed it has been managing a ‘cyber incident’ for several days. While details remain scarce, customers reported Click & Collect disruptions and temporary issues with in-store returns, suggesting a serious internal systems compromise.
Though M&S quickly reassured customers that stores remain open and that its website and app are functioning normally, the attack highlighted a stark truth: even well-resourced organisations with dedicated IT teams can be vulnerable.
Nationally, over a third (35%) of SMEs suffered at least one attack in 2024 alone, and 6% experienced up to 10 breaches. Yet despite the clear threat, many businesses remain underprepared. Joe Burns, Co-Founder of Reformed IT, says:
“The financial loss is just the tip of the iceberg. The real damage is the erosion of customer trust, reputational harm, and operational disruption. In some cases, businesses never fully recover. M&S, with its extensive resources and immediate access to cybersecurity experts, is likely to recover quickly. But most SMEs aren’t so lucky.”
And the threat landscape is evolving fast. Artificial intelligence is increasingly being weaponised by cybercriminals, allowing them to scan for vulnerabilities, breach defences, and launch ransomware attacks with little effort or expertise. According to Burns:
“AI may be transforming industries for the better, but in the wrong hands, it becomes a serious threat.”
