- The AI arms race in cybersecurity: Why trust is the ultimate defense
- Google Search's AI mode goes multimodal
- The most popular AI tools of 2025 (and what that even means)
- AI commentary goes into full swing at Players Championship
- Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign
Vodafone Urges UK Cybersecurity Policy Reforms
Vodafone Business has made various policy recommendations to the UK government, including enhancements to the Cyber Essentials scheme and tax incentives for cybersecurity, after revealing that inadequate cybersecurity measures cost UK SMEs £3.4bn ($4.4bn) annually.
Vodafone found that the average cost of a cyber-attack for a small business is around £3398 ($4370), with this figure rising to £5001 ($6425) for companies with over 50 employees.
These findings are part of Vodafone Business’ Securing Success: The Role of Cybersecurity in SME Growth report, published on April 7, 2025.
Vodafone Business noted that cyber-attacks against SMEs have surged in recent years and 35% were victims to at least one incident in 2024.
More than a quarter (28%) suffered between one and five attempted attacks, while (6%) were targeted up to 10 times in a year.
Cybersecurity Issues Among SMEs
Vodafone’s research showed that 52% of UK SME employees received no cybersecurity training and 32% of SMEs had no cybersecurity protections in place at all.
Meanwhile, less than £100 a year is invested in cybersecurity by 38% of SMEs and 60% of SMEs allow employees to use their own IT equipment when working from home.
A fifth of remote workers have been targeted by cybercriminals and 15% of SME employees have been banned from working from home because of the risk of falling victim to a cyber-attack.
The most common cyber-attacks SMEs should consider protecting against include phishing, with 70% of firms experiencing this in the past year, ransomware, distributed denial-of-service (DDoS) attacks and water holing.
Vodafone Issues Policy Recommendations to UK Government
Vodafone Business issued several policy recommendations to the UK government to ensure that cybersecurity tools are scalable and affordable for all SMEs.
The policy recommendations included a boost to the Cyber Local funding scheme, which has a limited reach and Vodafone commented that only a few successful grants targeted SMEs. In January, 2025, the UK government announced £1.9m ($2.3m) in government and private sector funding for 30 Cyber Local projects across England and Northern Ireland
Vodafone also called for a review of the Cyber Essentials program, last updated in 2022, which it said was not sufficiently reaching UK SMEs. Awareness schemes should engage SME owners during key business activities, such as tax submissions, employee data reporting, or new business registrations, Vodafone noted. For SMEs with over 50 employees, mandatory compliance could be integrated into existing reporting obligations.
The company also called for tax incentivization for cybersecurity investment through tools like R&D tax credits and full expensing for plants and machinery.
Noting the complexity of investment of cybersecurity software under current capital expenditure definitions, Vodafone advocated for the establishment of a dedicated capital allowance for cybersecurity that covers both hardware and software would simplify access to tax reliefs.
Finally, the company called for greater public/private partnerships, which allow smaller firms to gain insights from larger firms with dedicated risk management schemes for instance.
Vodafone is now offering SMEs a complimentary one-month trial of CybSafe. The trial version grants essential access to the platform’s education and training sections, featuring various modules designed to increase staff confidence in handling potential cyber threats, such as phishing or ransomware attacks.
