Cyber security: advice for small businesses

Guidance for small businesses on how to put simple cyber security measures in place.


Small Business Guide - cyber security


Cyber security needn’t be a daunting challenge for small business owners. Following the quick and easy steps in this guidance will help protect your money and data online, and could save time and even your business’s reputation.

38% of small businesses suffered a cyber breach or attack in the past 12 months, with the average cost for those that lost data or assets standing at £8,170 (source). Taking action today can significantly reduce the chances of your business becoming a victim of cyber crime.

For sole traders and micro businesses

  • If you work for yourself or run a small firm with fewer than 10 employees, the Cyber Aware campaign offers six practical actions you can take to improve your cyber security.
  • You can also create a free personalised Cyber Action Plan to show you what steps to take.

For all small businesses

  • Small businesses of all sizes can benefit from using the National Cyber Security Centre’s (NCSC) Small Business Guide. This offers practical advice to protect your business online.
  • The guide includes a free personalised Cyber Action Plan to show you what steps to take.
  • For greater assurance and to demonstrate your commitment to cyber security, the Cyber Essentials scheme helps to guard against the most common cyber threats.
  • The Response and Recovery Guide helps small businesses prepare their response to and plan their recovery from a cyber incident.

Training and exercises

If your business employs staff, they can benefit from knowing how to protect your business and avoid online scams and fraud. Staying Safe Online: Top Tips for Staff is a totally free, easy-to-use training module which takes less than 30 minutes to complete. For more information on this training, please see the NCSC’s blog post about cyber security training for staff.

If you want to prepare for an incident, the Exercise in a Box is a free online tool to help organisations find out how resilient they are to cyber attacks and practise their response in a safe environment.

 Further advice and guidance

The NCSC also offers advice on:

Reporting a cyber crime or online fraud

If your business has been the victim of a cyber crime or online fraud, you can report this to the police using the Action Fraud website or by calling 0300 123 2040.

Published 23 April 2013
Last updated 7 May 2021 + show all updates
  1. Added links to further guidance including Cyber Essentials, Exercise in a Box, Response & Recovery Guide.

  2. Updated to include a) the updated NCSC small business guide and b) the free online training package for small businesses.

  3. Information on the Cyber Essentials and the Cyber Streetwise campaign added to the guidance.

  4. First published.