Research reveals the top five SME cybersecurity worries for 2025

AI-generated attacks are the biggest cyber security worry for UK SMEs this year, according to Mapping the UK SME Cyber Security Landscape in 2025, a new piece of independent research commissioned by Six Degrees, the secure, integrated cloud services provider.

  • Thursday, 16th January 2025 Posted 2 months ago in by Phil Alsop

Over a third of respondents (35%) cited AI-related threats as their top concern, outranking malware (25%), scams and other fraud (25%), phishing (25%), and ransomware (23%).

Other threats outside the top five, such as insider threat, zero-day vulnerabilities, and denial-of-service attacks, still present a significant danger. These rankings raise the question of whether continued AI-related hype has led respondents to overstate the technology's impact on the cyber threat landscape, potentially leaving them exposed to other risks.

“SMEs should definitely be concerned about AI-generated cyber-attacks, but that concern needs to be proportionate. For now, AI is an enabler for existing threats rather than a facilitator of new kinds of attacks. So, it’s important to keep focused on those familiar cybercriminal tactics and not lower your guard. Take phishing, for example: AI could be deployed to create highly personalised spear-phishing emails—dramatically speeding up attack rates and volumes. These attacks are likely to be far more effective and sophisticated and, therefore, a much bigger risk” comments Vince DeLuca, Chief Executive Officer at Six Degrees.

He continues: “However, that doesn’t mean lower-ranking threats are less dangerous. The real danger is a lack of in-house skills and resources within SMEs to address all current cyber security threats and spot new attack variants in the future. Respondents allude to this, citing the departure of in-house cyber experts and an inability to hire in-house security experts as two of their biggest cyber security frustrations during 2024.”

The research suggests that SMEs are acutely aware of these issues and are taking steps to address them—often recruiting third-party assistance in the form of managed cyber security solutions. This approach appears to be paying off: almost a third of those who stated they had significantly improved their cyber security posture also reported increased adoption of cyber security tools and solutions, while 20% also reported transitioning to hybrid or multi-cloud environments.

Can AI help IT teams fight cybercriminals, too?

Despite the advantages that AI can create for cybercriminals, respondents overwhelmingly think IT teams will benefit more from AI during 2025 (IT teams, 44% vs cybercriminals, 15%)—and 21% think it has already improved their cyber security.

Vince DeLuca believes that respondents are correct: “It’s still quicker and easier for security teams with the right tooling and expertise to analyse system vulnerabilities than for bad actors to identify them from scratch” he explains. “So, on balance, I think security teams have the advantage, at least at this point—and it’s one they must exploit right now.”

Do reported cyber security improvements stand up to scrutiny?

Almost 90% of SMEs believe their cyber security posture has improved in relation to the evolving risk landscape. But it’s worth sounding a note of caution. Buying a cyber security tool or service does not guarantee improvements to cyber security posture. It’s the beginning of a long journey, not the final destination. With that in mind, SMEs need to take the necessary steps to see if their improvements stand up to scrutiny. That might involve regular security assessments, frequent red teaming exercises, and a robust schedule of penetration testing.

“These solutions require the backing of an actively engaged IT or cyber security team to ensure they are utilised to their full potential. The cyber security tool or service purchase—and its ongoing management—has to form part of a broader strategy that informs business change in every single context. If you don’t re-engineer your organisation to be secure, no amount of tooling will fix it” comments Vince DeLuca.

He concludes: “This is a big ask for IT and cyber security professionals within SMEs, especially as our data suggests they are working hard to protect their organisations from increased cybercriminal activity against a backdrop of skills and resource shortages. This is why many of them seek additional help through third-party support and through the adoption of managed cyber security services—as well as the stronger security baseline afforded by public and hybrid cloud environments.”

Failure to prioritise testing and integrate generative AI tools raises concerns as agentic AI adds pressure.

CIOs 'overspend' on cloud

Posted 4 days ago by Phil Alsop
43% of CIOs say their CEOs and/or board of directors have concerns about their company’s cloud spend.
Research revealed at Coterie Connect event highlights shifting team structures, evolving skills priorities, and urgent training needed for partner...
Endava has launched its latest research report “AI and the Digital Shift: Reinventing the Business Landscape”.

3,000% surge in enterprise use of AI/ML tools

Posted 1 week ago by Phil Alsop
Zscaler has released the ThreatLabz 2025 AI Security Report, based on insights from more than 536 billion AI transactions processed between February...
Over one in four (28%) British small business owners have used AI tools to help run their business.

Tech fragmentation cited as biggest cyber challenge

Posted 1 week ago by Phil Alsop
New Palo Alto Networks data shows 82% of UK organisations confident in their use of AI, despite AI being identified as biggest cyber risk for 2025.
MIT researchers crafted a new approach that could allow anyone to run operations on encrypted data without decrypting it first.