Skip to main content

Two-thirds of UK SMBs lack actionable cybersecurity strategies despite growing threats, according to Kaspersky report

6 November 2025

Small and medium-sized businesses (SMBs) across the UK are struggling to turn cybersecurity plans into practice, according to new research from Kaspersky. The findings reveal that 67% of UK SMBs lack fully actionable cybersecurity strategies, with many acknowledging a gap between their theoretical plans and real-world implementation. This shortfall leaves a majority of businesses vulnerable to an increasingly sophisticated cyber threat landscape.

The research also highlights a disconnect between executives and IT leaders on the importance of cybersecurity. Nearly a quarter (22%) of IT leaders say that C-level executives in their organizations do not fully understand the strategic value of cybersecurity, slowing progress towards effective, organisation-wide protection.

Despite these obstacles, many SMBs recognize the need for outside expertise. More than a third (38%)are now seekingexternal cybersecurity partners who can help build long-term, sustainable protection strategies. Rather than relying on ad hoc solutions, SMBs increasingly want trusted partners who can provide continuous awareness training, immediate incident response and transparent advice.

“Cybersecurity can’t remain a theoretical exercise,” said Oscar Suela, General Manager, Iberia, UK & Ireland at Kaspersky. “Our findings show that while many SMBs have well-intentioned strategies, these often stay on paper. To close the gap, organisations must turn plans into action, embed security into everyday operations, and ensure leadership and IT are fully aligned in their approach.”

To help businesses strengthen their cyber resilience, Kaspersky recommends:

  • Turning plans into action: Implement practical, measurable security measures that are fully integrated into daily operations.
  • Investing in awareness and education: Empower employees through ongoing cybersecurity training to reduce human error and insider risk.
  • Embedding cybersecurity into business culture:Treat security as a fundamental part of operations, not just an IT responsibility.

Kaspersky offers dedicated solutions to support SMBs in building stronger defences. For instance, for very small businesses that do not have an IT administrator, Kaspersky Small Office Security offers hands-off protection through its “install and forget” setup, whereas Kaspersky Next combines strong endpoint protection with EDR and XDR capabilities, giving businesses of any size and industry the tools to detect, investigate and respond to threats in real time.

For this survey Kaspersky commissioned Arlington Research to carry out an online self-complete survey with decision makers whose role involves cybersecurity in a significant way, working for organisations with less than 500 employees in Europe and Africa in August and September 2025. Arlington conducted a total of 820 interviews with this audience (Europe: 600; Africa: 280; 60 interviews each: Germany, Austria, Switzerland, UK, France, Italy, Spain, Greece, Romania, Serbia, Morocco, Algeria, Tunisia, and Cameroon; 20 interviews each: Senegal and Ivory Coast).

Two-thirds of UK SMBs lack actionable cybersecurity strategies despite growing threats, according to Kaspersky report

Small and medium-sized businesses (SMBs) across the UK are struggling to turn cybersecurity plans into practice, according to new research from Kaspersky. The findings reveal that 67% of UK SMBs lack fully actionable cybersecurity strategies, with many acknowledging a gap between their theoretical plans and real-world implementation. This shortfall leaves a majority of businesses vulnerable to an increasingly sophisticated cyber threat landscape.
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Innovating the industry with a Cyber Immunity approach, Kaspersky safeguards consumers, businesses, critical infrastructure, and governments from cyberthreats, with over a billion devices protected to date.

Kaspersky ensures Cybersecurity True to Business, focusing on providing clear outcomes, protecting revenue, easing workloads and preventing downtime. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services for organizations of every size, from small businesses to large enterprises, combining proven AI-driven protection technologies with simple management and expert support.

Recognized in independent tests and trusted by millions of individuals worldwide and nearly 200,000 organizations, Kaspersky helps detect threats earlier, respond faster and operate with greater confidence and freedom, protecting what matters most to our clients. Learn more at www.kaspersky.com.

Related Articles Press Releases