Espria warned that as geopolitical threat escalates, small and medium-sized UK businesses must strengthen cybersecurity.
Small and medium-sized enterprises in the UK (SMEs) have been urged to strengthen their cyber defenses amid an increasing wave of political motivations as global tensions and conflicts exacerbate the threat landscape.
The recent Sky News Survey shows that cyberattacks related to the Iran conflict have increased, which warned that businesses in multiple sectors are increasingly targeted. Prime Minister Keir Starmer spoke at this week’s NATO summit, calling on British companies of all sizes to “take immediate measures to review and strengthen their defenses”.
Clinton Groome, CEO of IT services and cybersecurity provider Espria, said it might be too late to call for action for some, warning that businesses can no longer wait for official government alerts before taking proactive steps.
“As global tensions spread, threat actors will continue to exploit digital vulnerabilities, and neutral businesses bring low-risk, high-impact goals,” Groome said. “This latest warning exacerbates the urgency of the threat, but it also highlights the gap in cyber-ready in the UK. Cybersecurity is not just a system, but also about people.”
Human error is still the biggest risk
Although companies often focus on technology upgrades, Groome emphasizes the importance of addressing human factors, which are often the weakest link in the security chain. He cites BT research that shows that 39% of UK small and medium-sized enterprises (about 2 million) have not arranged cybersecurity training for their employees.
“Cyber awareness remains very stressful,” he said. “Before investing in tools, organizations need to strengthen their human firewalls. Attackers use distractions, fears and information overload to launch social engineering campaigns. Businesses must make sure their teams are ready.”
Groome recommends publicity plans within the scope, including incident response drills, simulated phishing attacks, and regular enhancement of cyber hygiene best practices. “The goal is a workforce that is not only informed, but also has enough confidence to report suspicious activity.”
In addition to employee awareness, Groome points out the importance of basic network hygiene – including multi-factor authentication (MFA), regular patches, and protecting Internet of Things (IoT) devices. He also marked the end point of October’s support for Windows 10, a key vulnerability urging companies to move to Windows 11 without delay.
“Threat actors are opportunists,” he said. “The end of Windows 10 support will keep the system untouched and open unless action is taken.”
Groome also highlights the importance of observability and integrated telemetry, the ability to monitor all parts of an organization’s IT environment in real time.
“Network observability is a team sport. SMEs need to consolidate visibility across endpoints, email, cloud and identity systems to detect early tradeoffs such as abnormal logins or duplicate MFA requests. Orphaned data cannot protect businesses – comprehensive insights can.”
Given the complexity and cost of deploying advanced security systems, many small and medium-sized businesses may have difficulty establishing these capabilities internally. Groome recommends businesses seek support from external experts or managed security providers.
“Tiered security is essential, but can be resource-intensive. Partnerships can help SMEs expand their protection, integrate telemetry and provide meaningful training,” he said.
As geopolitical instability continues to drive cyber risks across the private sector, Groome ends with an urgency message: “Cybersecurity is no longer ‘good arrival’ – it is the necessity to survive. With the right tools, knowledge and support, businesses can build resilience that they need to avoid the current storm.”
