New Research Reveals the Scale of Cyber Risk Facing UK SMEs

• UK SMEs face a combined estimated loss of up to £100k annually due to un-budgeted security fixes and malware recovery

• One in five small businesses would be forced to close their doors within three months in the event of a cyber breach

• Despite the risks, 58% connect to free public Wi-Fi with 15% accessing sensitive work documents whilst connected

• Samsung has launched the Galaxy S26 Ultra Enterprise Edition as the answer to shaky cyber security in the workplace. The AI-powered phone for business is engineered to serve as a fortress for SME’s data

New research has revealed one in five SMEs would have to close their doors within three months if they experienced a data breach, estimating that a cyber security attack would cost them up to £100k in lost revenue and fines.

A poll of 1,000 SME business owners has highlighted issues around data security in the UK workplace, with 21% of businesses describing their current approach to security as reactive rather than proactive.

The research also reveals how modern working habits may increase exposure to sensitive data, with nearly a third (32%) of SME employees working from coffee shops and almost a quarter (24%) working from public transport at least once a week.

In these environments, 36% say they’ve been able to clearly read sensitive emails or messages on someone else’s screen, while a quarter admit they have peeked at a stranger’s device.

The research comes as Samsung launches the Galaxy S26 Ultra Enterprise Edition, engineered with security and privacy at its core. The device features the world’s first built-in Privacy Display^[1] on mobile to narrow the viewing angle and shield your data from prying eyes, alongside government-grade Samsung Knox security to safeguard businesses against threats.

To help businesses turn the tide, former cyber security expert and 2026 Traitors winner, Stephen Libby, has appeared in a new video that brings to life the invisible threats lurking in and outside of the office.

Stephen comments: “Cyber security breaches are a massive issue for any business, and this traitorous behaviour can especially effect SMEs. A single incident can disrupt operations or even force business to close. With so much work now happening on phones, it’s crucial that businesses make sure they’re using devices with strong built-in security and privacy protections to keep sensitive information safe.”

Business owners say they’re aware of threats like phishing and scam messages (88%), malware (84%), unauthorised apps (53%), rooting/firmware tampering (32%) and snooping (29%). Yet one in five admit they wouldn’t know if their device had been compromised, and 58% say they download apps or software to work devices without checking security permissions first.

Annika Bizon, Mobile Experience VP of Product and Marketing, Samsung UK & Ireland comments: “Small and medium businesses are the backbone of our economy, yet they are increasingly targeted by cyber criminals because they often lack enterprise-grade protection.

“Technology should help level the playing field. By building advanced security directly into the Galaxy S26 Ultra Enterprise Edition, from Samsung Knox security and our Privacy Display technology, we’re helping businesses with the tools to stay proactive and protect sensitive data wherever work happens.”

Despite over half (55%) of SMEs being more aware of cyber security following recent high-profile breaches, a staggering 69% revealed that they have no allocated funds or insurance to cover an incident, further emphasising the need for tighter security practices in the workplace.

Top reasons for cyber security breaches affecting SMEs in the last 12 months:

1. Phishing scams
2. Not having enough protection in place
3. Lack of staff training
4. Third party or supplier issues
5. Remote or home working vulnerabilities

Although many blame breaches on phishing and staff awareness, 67% of SMEs haven’t introduced new cyber security measures in the past year. Worse still, 45% provide no training at all, so employees miss the warning signs of phishing and early malware, leaving businesses exposed.

While 43% say they feel watched or uncomfortable handling sensitive documents in public, a third (31%) still never use a physical privacy screen to protect their data. Mobile devices are also central to modern working habits, with three quarters (74%) using their mobile for work, yet almost half (49%) say cyber security isn’t a top priority when choosing a device.

Meanwhile, 58% connect to free public Wi‑Fi, with 15% admitting they access sensitive work documents while connected.

The Galaxy S26 Ultra Enterprise Edition comes as the answer to shaky cyber security in the workplace. The AI-powered phone with Personal Data Engine^[2] is designed to serve as a fortress, encrypting data and saving it onto your device with KEEP and Knox Vault, making it harder for anyone else to gain access to your personal data.

[1] Requires manual activation in settings to function. Privacy Display feature is not AI-powered.

[2] Personal Data Engine is exclusive to Samsung native apps and is not applicable to third-party applications. Personal Data Engine recognises 20 languages and certain accents/dialects. The Personal Data Intelligence menu must be switched on. Analysed data will be deleted once the Intelligence menu is turned off.