The Cyber Criminal Groups Targeting SMEs – And Whether Their Activity Is Rising

Small and medium-sized businesses (SMEs) across the UK remain one of the most attractive targets for cyber criminals. They often hold valuable data, payment information, intellectual property and customer records, yet typically lack the cyber security resources of larger organisations.

Government reports and industry threat intelligence consistently show that financially motivated cyber crime groups are responsible for the majority of attacks against SMEs.

The most common attackers are not elite state hackers. Instead they are profit-driven cyber criminals running phishing scams, credential theft operations, business email compromise fraud and ransomware attacks.

According to the UK government’s Cyber Security Breaches Survey 2025, around 43% of UK businesses reported experiencing a cyber attack or breach in the previous 12 months.

The scale of the problem means SMEs are now firmly in the crosshairs of global cyber crime operations.


The Scale of Cyber Attacks Against UK SMEs

Cyber attacks targeting UK businesses remain widespread.

The Cyber Security Breaches Survey 2025, published by the UK government, estimates that businesses experienced millions of cyber crime incidents during the reporting year.

Key findings include:

  • 43% of UK businesses experienced a cyber breach or attack
  • 20% experienced at least one cyber crime
  • phishing accounted for 93% of cyber crimes affecting businesses

These figures highlight a crucial reality: most cyber attacks targeting SMEs are opportunistic and automated rather than highly targeted espionage operations.

Attackers often launch large-scale campaigns in the hope that a small percentage of victims will fall for the scam.


The Cyber Criminal Groups Most Responsible for SME Attacks

1. Phishing and Business Email Compromise (BEC) Criminal Networks

The largest group of attackers targeting UK SMEs is phishing and online fraud networks.

Phishing attacks involve sending deceptive emails, messages or websites designed to trick employees into revealing passwords or financial information.

Once criminals obtain login credentials they can:

  • access company email systems
  • redirect payments or invoices
  • steal sensitive data
  • launch further attacks within the organisation

According to the UK government survey:

  • Phishing affected 93% of businesses experiencing cyber crime
  • 18% of all UK businesses experienced phishing attacks

This makes phishing by far the most common cyber attack method in the UK business environment.

Many phishing campaigns are now operated as “phishing-as-a-service” operations, where criminals sell ready-made attack kits on the dark web.


The Most Dangerous Attackers: Ransomware Gangs

Ransomware Extortion Groups

While phishing attacks are the most common, ransomware gangs are often the most damaging once they gain access to a network.

Ransomware attackers typically:

  1. gain access through stolen credentials or vulnerabilities
  2. move laterally through the network
  3. steal sensitive data
  4. encrypt company systems
  5. demand payment to restore access

The UK National Cyber Security Centre (NCSC) describes ransomware as:

“One of the most acute and pervasive cyber threats facing UK organisations.”

Although ransomware incidents are less common than phishing attacks, they often cause severe operational disruption and financial losses.


The Most Active Ransomware Groups Affecting Businesses

Threat intelligence companies have identified several ransomware groups active in attacks against organisations worldwide, including SMEs.

Recent reporting highlights several groups frequently seen in ransomware incidents:

  • Akira
  • Qilin
  • RansomHub
  • groups linked to the LockBit ransomware ecosystem

Security firm Coveware reported that Akira was one of the most active ransomware groups during 2025, while other gangs quickly emerged after international law enforcement disrupted LockBit infrastructure.

This illustrates a key problem: ransomware groups evolve rapidly, and when one operation is dismantled another often appears.

Cyber crime behaves more like a market economy than a traditional criminal gang hierarchy.


How Successful Have Cyber Criminals Been?

Financial Impact on SMEs

The financial impact of cyber attacks on small businesses varies widely.

According to the UK Cyber Security Breaches Survey 2025:

  • average cost of the most disruptive breach for small businesses was around £1,510
  • among organisations suffering significant outcomes the average cost rose to about £7,960

While these averages appear modest, they hide more severe incidents involving:

  • ransomware payments
  • business interruption
  • reputational damage
  • regulatory consequences

For many SMEs the biggest cost is operational downtime rather than direct financial theft.


Is Cyber Attack Intensity Increasing or Decreasing?

Evidence Suggests the Threat Is Growing

Evidence from government and industry suggests cyber crime targeting businesses is becoming more sophisticated and frequent.

The National Cyber Security Centre (NCSC) reported that hostile activity affecting UK organisations has increased in:

  • frequency
  • technical sophistication
  • operational intensity

The NCSC handled 430 cyber incidents in 2024, compared with 371 the previous year.

Security researchers also report that ransomware attacks, identity theft and business email compromise are becoming more sophisticated due to automation and AI-assisted tools.


Expert Perspective

Cyber security experts increasingly warn that cyber crime has evolved into a professionalised global industry.

Professor Ciaran Martin, founding Chief Executive of the NCSC, has emphasised that most cyber crime today is financially motivated and industrialised.

Rather than isolated hackers, many operations now resemble organised businesses with:

  • affiliate networks
  • customer support for criminals
  • profit-sharing arrangements
  • specialised infrastructure providers

This model allows cyber crime groups to scale their attacks across thousands of organisations simultaneously.


Final Assessment

The available evidence shows that financially motivated cyber criminals are responsible for the majority of attacks against UK SMEs.

The overall threat landscape can be summarised as follows:

Most common attackers

Phishing networks and business email compromise fraudsters.

Most damaging attackers

Ransomware and data-extortion gangs.

Most visible ransomware groups

Akira, Qilin, RansomHub and actors linked to the LockBit ecosystem.

Trend in cyber attacks

Overall increasing in sophistication and intensity, although individual attack types fluctuate year to year.

For small businesses, the uncomfortable reality is that cyber criminals do not need sophisticated espionage tools to succeed.

Most attacks still succeed through stolen passwords, phishing emails and poorly secured systems.

Which is slightly tragic when you consider how many multi-million-pound breaches start with someone clicking what is obviously a fake invoice email. Humans remain the most efficient vulnerability ever discovered.
