More than two in five businesses were hit by a cybersecurity breach or attack in 2025, as new data highlights widening gaps in training, responsibility and confidence across small and medium-sized enterprises.
A survey of SME employees, conducted by broadband experts at Uswitch Business Broadband, suggests that while cyber threats are now a routine feature of the business landscape, many organisations are still struggling to equip staff to deal with them.
The findings point to a workforce increasingly expected to handle digital security risks without formal preparation, with nearly two-fifths (37%) of employees saying cybersecurity was not part of their original job description when they were hired. A further 14% said they were unsure or could not remember.
The results suggest that responsibility for cybersecurity is often being absorbed informally within SMEs, rather than being clearly defined or assigned to specialist roles.
The research also highlights significant variation in training levels.
Over one in six employees (16%) said they have never received any cybersecurity training, while 45% reported receiving only basic instruction. Just 39% said they had received comprehensive training.
Despite rising threats, the findings suggest that structured cyber education remains uneven across smaller organisations, leaving many staff to rely on limited or informal knowledge when dealing with potential attacks.
While most employees expressed some level of confidence in handling cybersecurity issues, the survey also revealed a notable minority who remain uncertain.
Only 20% described themselves as โvery confidentโ in managing cyber risks, while a majority (51%) said they were โsomewhat confidentโ. A further 21% remained neutral, with 7% not very confident and 1% not at all confident.
More than half (52%) of respondents said they sometimes feel out of their depth when dealing with cybersecurity incidents at work, and 12% said this happens often. Only 6% said they never feel out of their depth.
Employees identified a lack of training as the biggest obstacle to improving cybersecurity, with 45% of respondents citing it.
This was followed by insufficient dedicated cybersecurity staff (31%) and limited budgets (20%), underscoring the structural challenges SMEs face in keeping pace with increasingly sophisticated threats.
The findings come amid a backdrop of rising cyber incidents, with 43% of businesses reporting a breach or attack in 2025 alone.
Taken together, the results suggest cybersecurity is becoming a core operational pressure for SMEs โ but one that is still frequently under-resourced and inconsistently managed.
With attacks increasing in frequency and sophistication, the reliance on non-specialist staff to shoulder responsibility for digital security is leaving many organisations exposed to both technical and human risk.
As cyber threats continue to escalate, the divide between expectations and preparedness appears to be widening โ raising questions about how long SMEs can rely on informal arrangements to manage what is now a central business risk.
Uswitch Business Broadband Experts provide tips on how to support SME employees managing cybersecurity responsibilities: โCybersecurity is no longer confined to IT departments, particularly within SMEs, where responsibilities are often shared across non-specialist staff. Our findings suggest many employees are now expected to contribute to cybersecurity-related tasks, despite varying levels of confidence and training.
โTo support this shift, SMEs should ensure employees have access to regular, relevant cybersecurity training that helps build confidence in recognising and responding to potential risks. Clearly defining who is responsible for cybersecurity within teams can likewise help to reduce uncertainty, ensuring employees understand where accountability lies when issues arise.
โGiving cybersecurity greater visibility at the leadership level, and ensuring it is prioritised alongside other business pressures, can also help organisations embed stronger, more consistent cyber practices across the board.โ
Leave a Comment