- Gareth Shaw, Founder of Pera Prometheus Consulting Ltd
Security threats are not limited to the cyber environment, but that environment is certainly appealing to threat actors and is one of the rising concerns for Industry and Governments because of the large attack surface that the prevalence of digitisation has created. The threat is not just a cause for concern to the Industry Primes and larger companies; it now directly impacts Small and Medium-sized Enterprises (SMEs), who are part of the viable attack path and bear the brunt (and cost) of becoming a ‘target’.
Imagine you’re running a small family business, a local bakery, a boutique shop, or a tech startup. One morning, you find your system is locked, with a screen message advising you that your data and system are unavailable and giving a contact number to gain access; in the meantime, your business is not able to operate. This isn’t just a bad day or a hardware malfunction; it is more likely a cyberattack. These attacks are taking place at an increasing frequency, but many go unreported and unnoticed. As Richard Horne, CEO of the UK’s National Cyber Security Centre (NCSC), recently warned, these attacks don’t just hurt businesses, they disrupt our economy and society’s cohesion.
The NCSC works tirelessly to help organisations prevent and respond to these threats by raising awareness and offering guidance. The NCSC can, and should, only do so much. It is your business that at some point will come under attack, and your business that will suffer the effects.
This blog explores Richard Horne’s message, the growing concerns, and how Pera Prometheus supports the NCSC’s efforts to strengthen business resilience.
Importance of Small and Medium-sized Enterprises
SMEs are the backbone of the UK economy, driving significant economic activity and job creation. In 2024, SMEs, defined as businesses with fewer than 250 employees and a turnover of less than £44M, accounted for 99.8% of the UK’s 5.5 million business population. They contributed around 52% of private sector turnover, which is equivalent to £2.8 trillion, a substantial share of the UK’s GDP.
SMEs also provided 60% of private sector employment, employing 16.7 million people, with small businesses (0-49 employees) accounting for 13.0 million jobs and medium-sized businesses (50-249 employees) contributing 3.7 million.
These numbers show just how vital SMEs are to the UK’s economic health and social stability. Their touch points into other areas of UK industry, coupled with their tendency to lack dedicated attention to cyber security matters, make them prime targets for threat actors as well as important defenders in the fight against cybercrime.
Everyone is a target
Recently, major UK businesses like M&S, Co-op, Harrods, and Peter Green Chilled were struck by cyberattacks. Despite their strong cyber response and incident management teams, the attacks disrupted their operations, proving that no one is immune to hacking attempts. While the full details of how these companies were penetrated and exploited are yet to be released, it is likely that access to networks could have been through supply chain manipulation and social engineering.
A brief description of each cyberattack is given below:
Marks & Spencer (M&S): A ransomware attack, likely by Scattered Spider using DragonForce, hit in February 2025. The attack compromised customer data, disrupted online services and is projected to have a substantial financial impact on the company.
Co-op Group: In April 2025, a cyberattack stole customer and employee data, disrupting IT systems but not stores. Systems were proactively shut down on 30th April, with online ordering resumed by mid-May, aided by the NCSC and strengthened authentication.
Harrods: On May 1, 2025, Harrods confirmed that it had experienced attempts to gain unauthorised access to its systems. In response, the company’s IT security team, working with the NCSC, promptly restricted systems’ internet access and achieved rapid recovery with no major impact.
Peter Green Chilled: On 14 May 2025, Peter Green Chilled, a logistics company supplying major UK supermarkets including Tesco, Sainsbury’s, and Aldi, experienced a ransomware attack. The attack compromised the company’s computer systems, leading to the suspension of order processing systems. Recovery involved isolating systems with NCSC guidance, though details remain limited.
These incidents highlight the vulnerability of supply chains to cyber threats and the importance of robust cybersecurity practices. Therefore, SMEs must be extra vigilant and adopt a robust security culture to protect against breaches and prepare for potential incidents.
Prepare and Protect Your Business from Cyber Threats
The recent cyber incidents making headlines (and these are just the ones that are reported) are a clear wake-up call to every business in the UK. Cyberattacks are real, happening right now, and can seriously harm an organisation. Businesses simply cannot ignore this threat and need to act to prevent similar situations from happening to them, along with the associated financial and reputational damage that follows.
Thankfully, the National Cyber Security Centre (NCSC) offers practical tools and simple guidance to help businesses defend themselves and prepare for cyber incidents. Every business, large or small, should take advantage of these resources to stay safe. These guidelines are not complicated; they’re practical steps every business can and should take today.
- Respond to Cyber Incidents: Understand how to quickly detect, manage, and recover from cyberattacks to minimise disruption. The NCSC’s Incident Management Guide provides actionable advice.
- Respond & Recover: If your organisation has experienced an online scam or attack, swift action is critical. Utilise the Respond & Recover guidance for clear, immediate steps to regain control.
- Cyber Governance for Boards: Cybersecurity begins at board level. Effective leadership sets the standard, embedding cybersecurity into organisational culture. The NCSC’s Cyber Governance resources equip senior leaders to make informed decisions about cyber risks.
- Data Breach Guidance: Every business holding customer or sensitive data must know how to react decisively if information is stolen or accessed without authorisation. Familiarise your organisation with the Data Breach guidance to protect trust and mitigate harm.
- Cyber Essentials Certification: Adopt the government-backed Cyber Essentials scheme to reassure customers and stakeholders that your business is proactive in maintaining rigorous cybersecurity practices.
The Message
The prevailing opinion of information and cybersecurity advisory bodies and professionals is that the threat is such that organisations should not think about what to do if they suffer an attack but when! Prevention is still important and you can help yourself by not only applying technical controls but by raising security awareness amongst your people, but ask yourself: “Do you and your organisation know what to do in the event of a Cyber incident? … In fact, do you even know what your critical systems are and who feeds that supply chain?”
- Gareth Shaw MD, Pera Prometheus
Every business in the UK contributes in its own unique way to our nation’s economy and helps keep essential services running. Cyber threats can affect anyone, and no business, large or small, is immune. Protecting your company against cyber incidents isn’t only about applying the latest technology; it’s about taking responsibility and building awareness from the top down, essentially developing a business security culture. Senior leaders of every organisation must encourage the development of an effective security culture, using practical advice and resources from the NCSC, to remain secure and resilient.
If organisations do not have their own ‘in-house’ skills or the time to handle these risks alone, then it makes good business sense to turn to experts like Pera Prometheus Consulting. Supply Assure is another team of experts who are contributing towards securing the nation’s supply chain businesses. Both companies provide tailored training and strategic advice to help businesses stay protected, resilient, and ready to respond when needed. By taking proactive steps today, your business helps protect itself, supports the economy, and contributes positively to national security and stability.
Discover how Pera Prometheus can help protect your business through customised cybersecurity training, strategic guidance, and practical support; visit pera-prometheus.com/services today.