It is one of the most common things we hear from small business owners when the subject of cyber security comes up. “We’re only a small company. Why would anyone bother with us?”

It is an understandable assumption. The headlines tend to feature big names. The likes of Marks and Spencer and the NHS. It is easy to look at those stories and think that hackers are only interested in large organisations with deep pockets and vast amounts of data. The reality is quite different. And it is important that your business knows the truth.

The Numbers Tell a Different Story

There are 5.5 million small organisations in the UK, and 1 in 2 small businesses suffer a cyber incident every year. That is not a prediction or a worst-case scenario. That is what is happening right now, to businesses just like yours.

96% of all UK businesses that suffer a cyber security attack are small and medium-sized businesses. So while the big breaches grab the attention, the vast majority of victims are the smaller companies that never make the news.

Why? Because cyber criminals are not sitting in a darkened room handpicking targets. They use automated tools that scan the internet constantly, looking for easy ways in. Weak passwords, unpatched software, an employee who clicks the wrong link in an email. Size is not a deciding factor. Vulnerability is.

Small Means Easier, Not Less Valuable

Here is the thing attackers know that many business owners do not. Small businesses often have far less security in place than larger ones, which makes them considerably easier to compromise. In fact, 28% of UK small businesses say that a single attack could put them out of business entirely.

And it is not just about stealing data. Ransomware attacks lock you out of your own systems until you pay. Phishing scams trick your staff into handing over login details or authorising fraudulent payments. Even a few hours of downtime can have a serious knock-on effect for a small team.

The average cost of a cyber attack for a small UK business is £3,398. That might not sound enormous compared to the millions you read about in major breaches, but for a small business it can be the difference between staying afloat and closing the doors.

Your Business Is Also a Route into Others

There is another angle worth considering. Even if your own data feels unremarkable, you likely have relationships with clients, suppliers, and partners. Attackers sometimes target smaller businesses specifically to use them as a stepping stone into a larger organisation. Only 14% of UK businesses check their suppliers security. That gap is exactly what cyber criminals look for.

What You Can Do

The good news is that most attacks are preventable. Strong passwords, multi-factor authentication, regular software updates, staff awareness and a reliable backup system will deal with the vast majority of threats your business is likely to face.

If you are not sure where your business currently stands, that is the right place to start. A simple conversation with your IT provider can highlight the gaps and give you a clear picture of what needs to be done.

The “we’re too small to be targeted” mindset is not just wrong. In 2026, it is genuinely dangerous. The businesses that take cyber security seriously, regardless of size, are the ones that carry on trading when an attack comes.

If you would like to talk through how Three Cherries can help protect your business, get in touch! give us a call on 0117 9300 333 or drop us an email at news@threecherries.co.uk.