Cyber security threats are a concern for businesses of all sizes. For SMEs, a serious data breach can be an existential threat. For large corporations, a cyber attack can cause costly disruption, business interruption and brand perception damage among customers. As cyber attacks become more complex, the importance of effective cyber security measures continues to grow across all sectors.
Statista Reports that the global cost of cybercrime reached $9.22 trillion in 2024 and is likely to rise by half to a worldwide total of $13.82 trillion by 2028. With this rising cost in mind, let’s take a look at some of the top cyber threats faced by businesses in the UK, along with the impact on cyber security for small businesses in the coming years.
1. AI-Powered Cyber Threats
Artificial intelligence (AI) is one of the biggest trends across the board. Unfortunately, that includes AI-powered cyber security threats AI-powered cybersecurity threats.
Using AI, cyber criminals can identify targets, create convincing phishing materials and impersonate real individuals’ tone of voice (and in some cases, their actual voice in AI-generated audio recordings). By removing the need for human involvement, AI allows cyber threats to be scaled up massively. The same scam call or email can be sent to a vast number of businesses in a short space of time, even being tailored to each recipient in a fraction of a second.
AI Cyber Security for Small Businesses
The UK government’s Cyber Security Breaches Survey 2025 highlights that AI is a worry for businesses and non-profits alike. One IT manager from a medium-sized business told the survey: “I think it’s going to get more and more difficult with what’s out there with AI. I think there’s more for us to do to protect the end-user and educate them.” At the same time, behavioural AI is helping small businesses to fight back by spotting dangerous trends and anomalies in massive data sets, enabling a new generation of smarter cyber security solutions.
With the help of AI and good preparedness, recovery from cyber security breaches can be rapid too: 92% of businesses told the survey they restored operations within 24 hours and 77% said it took them “no time at all” to continue with their work.
2. Rise in Ransomware Attacks
Ransomware attacks occur when malicious software is installed on a company’s computer systems. This encrypts essential data and displays a message to instruct the company’s owner or IT manager to pay a ransom, often via cryptocurrencies like Bitcoin. The Cyber Security Breaches Survey 2025 found a significant increase in ransomware attacks between 2024 and 2025, doubling from 1 in 200 businesses to affect 1 in 100 respondents in the second half of 2024.
Nearly 20,000 firms in the UK were impacted by ransomware during that time, indicating the importance of including ransomware preparedness in any cyber security risk assessment.
3. Supply Chain Vulnerabilities
Supply chain risks are nothing new, and the vast majority of UK businesses have been affected in recent years from disruption caused by Brexit, COVID-19, international tariffs and the war in Ukraine. But very few are factoring supply chain vulnerabilities into their planning to mitigate cyber security threats. Just one in seven (14%) said they check the risks arising from their immediate suppliers, and half that number are auditing their wider supply chain for cyber threats.
Continuity is one of the five Cs of cyber security, and supply chain vulnerabilities have a direct impact on business continuity for companies of all sizes. With so few firms already making this a priority, planning for supply chain cyber threats could be a good way for SMEs to gain a competitive advantage.
4. Advanced Phishing and Social Engineering
Phishing is closely linked with the rise of AI, which is making attacks more sophisticated. Large language models (LLMs) allow the creation of chatbots capable of holding natural-sounding conversations and gradually coaxing an unaware individual into committing a data breach. Nearly all businesses affected by cyber crime in the second half of 2024 experienced a phishing attack. The UK government’s survey revealed that 93% of businesses and 95% of charities that were victims of cyber crime in that time were targeted by phishing.
Almost half (45% of profit-making businesses and 46% of non-profits) said phishing was the ONLY type of attack they had experienced when falling victim to cyber attacks. Phishing attacks are considered the most disruptive type of cyber threats by nearly two thirds (65%) of businesses, reinforcing the need for SMEs to take phishing, impersonation and other cyber risks seriously.
5. Cloud Security Challenges
Increased use of cloud computing, remote working and sharing data with supply chain partners has all increased the challenge of maintaining cloud data security. Some progress has been made in this area, as the Cyber Security Breaches Survey 2025 showed. Some of the main measures taken by businesses to improve their data security include:
- Updated malware protection (77%)
- Password policies (73%)
- Network firewalls (72%)
- Secure cloud data backup (71%)
- Restricted admin rights (68%)
But the survey also found that some additional methods to protect data security are only being adopted by a minority of businesses:
- Two-factor authentication (40%)
- Virtual private network (VPN) for remote workers (31%)
- User monitoring (30%)
Businesses keen to improve can fight back against cloud security risks via Security as a Service (SECaaS), which in its own right is a cloud-based model to deliver subscription-based cyber security for small businesses.
6. Targeted Threats to Small Businesses
All of this is leading to specific cyber threats for small businesses, who may have less robust data security policies in place, or may lack the budget and expertise to improve cyber security in-house. The UK government survey noted this, saying that “among some of the smaller businesses interviewed, the responsibility of cyber security was being passed on to external contractors” and that this left some senior managers disengaged from the topic. It’s always a good idea to understand the preventative measures in cyber security taken by any outsourced provider, so you can reinforce them with better awareness among your workforce – especially in a climate of social engineering and targeted phishing attacks.
That’s why at Venom IT, we encourage you to ask questions about cyber security, and work closely with our clients to ensure that the measures we take on your behalf are clear and transparent.