Vodafone Urges Cybersecurity Reform to Protect UK SMEsIn a bid to combat the growing cyber threat facing small businesses, Vodafone Business has unveiled a series of Vodafone cybersecurity recommendations for UK SMEs. These include reforms to existing government schemes like Cyber Essentials and new tax incentives to support greater investment in cybersecurity infrastructure.
According to Vodafone’s new report, Securing Success: The Role of Cybersecurity in SME Growth, published on April 7, 2025, weak cybersecurity measures are costing UK small and medium-sized enterprises (SMEs) an estimated £3.4 billion ($4.4 billion) each year. The average cost of a single cyber-attack is £3,398 ($4,370), rising to over £5,000 ($6,425) for businesses with more than 50 employees.
SME Cybersecurity Deficiencies Highlight Growing Risks
The report reveals that 35% of UK SMEs experienced at least one cyber-attack in 2024. Notably, 28% of small businesses were targeted between one and five times, while 6% suffered up to 10 cyber-attacks in a single year.
Vodafone’s findings highlight a troubling gap in cybersecurity preparedness. Over half (52%) of SME employees have never received cybersecurity training, and nearly a third (32%) of SMEs have no cybersecurity protections in place. Furthermore, 60% allow remote work on personal IT devices, with 20% of remote workers having been targeted by cybercriminals.
Common cyber threats include phishing, ransomware, distributed denial-of-service (DDoS) attacks, and water holing. Phishing alone impacted 70% of SMEs in the past year.
Vodafone Pushes for Policy Overhaul and Targeted Support
Vodafone Business issued multiple policy recommendations aimed at helping SMEs strengthen their cyber defenses. Among them is a call for a complete review of the Cyber Essentials scheme, which has not been updated since 2022. Vodafone criticized the program’s limited reach and proposed that cybersecurity awareness be integrated into key business activities like tax submissions and employee data reporting.
The company also recommended extending the Cyber Local funding scheme, noting that most grants awarded so far have not been SME-focused. The government had announced £1.9 million in joint public and private funding for 30 Cyber Local projects earlier this year, but Vodafone says more targeted allocation is needed.
To support long-term investment, Vodafone urged the government to introduce tax incentives such as R&D tax credits and full expensing for cybersecurity-related hardware and software. It also proposed creating a specific capital allowance category for cybersecurity to simplify access to tax reliefs.
Boosting Collaboration and Offering Direct Support to SMEs
Another key recommendation was to enhance public-private partnerships, allowing smaller businesses to benefit from the expertise of larger firms with dedicated cybersecurity risk management structures.
In a more immediate move, Vodafone Business is offering SMEs a free one-month trial of CybSafe, a cybersecurity platform that provides training and educational modules to help staff identify and respond to threats such as phishing and ransomware attacks.
