Daily Briefing – 20 March 2026 Another day, another reminder that cyber criminals wake up earlier than most business owners and work harder. Inspiring, in a deeply unfortunate way. 🚨 Phishing Attacks Surge Across UK SMEs Phishing is still the reigning champion of “embarrassingly avoidable disasters”. UK SMEs report a sharp rise in targeted phishing campaigns this week Increase in AI-generated emails mimicking suppliers and directors Finance teams remain the primary target for payment diversion scams Expert Insight Security analysts are warning that phishing emails are now near indistinguishable from legitimate communication, especially when AI is used to replicate tone and writing style. Translation: your “I’d spot a scam instantly” confidence is doing a lot of heavy lifting. 🏢 Supply Chain Attacks Continue to Escalate It turns out trusting your suppliers blindly is not a security strategy. Who knew. Growing number of UK incidents linked to third-party IT providers and SaaS platforms Attackers increasingly target managed service providers (MSPs) to access multiple SMEs at once SMEs often lack visibility over supplier security controls Expert Insight Cyber specialists stress that attackers prefer “one-to-many” breaches, compromising a single supplier to access dozens of businesses. Efficient. Ruthless. Slightly more organised than most SMEs’ password policies. 🤖 AI-Driven Attacks Become Fully Automated Cyber crime has officially embraced automation. Naturally, productivity gains apply here too. Attackers using AI to: Generate hyper-personalised phishing emails at scale Automate credential stuffing and password attacks Conduct real-time social engineering via chat and voice cloning SMEs increasingly report faster, more persistent attack cycles Expert Insight “AI has lowered the barrier to entry for cyber crime,” meaning less-skilled attackers can now launch highly convincing, large-scale attacks. So not only are there more attackers. They’re also getting better tools. Progress. 💀 Ransomware Targeting Smaller Firms More Aggressively Ransomware groups have done the maths. SMEs are easier and more likely to pay. Increase in “low-value, high-volume” ransomware attacks Attackers demanding smaller ransoms (£5k–£50k) to encourage quick payment Continued use of double extortion (data theft + encryption) Expert Insight Criminal groups are shifting strategy from big corporations to repeatable SME attacks, treating businesses like a subscription model. Disturbingly clever. Morally bankrupt. Very on brand. 📱 Mobile Devices: The Quiet Weak Spot Everyone locked down their laptops. Then ignored the phones entirely. Excellent. Rise in attacks targeting: Business WhatsApp and SMS phishing (smishing) Unsecured BYOD devices accessing company data Many SMEs lack mobile device management (MDM) controls Expert Insight Security professionals warn mobile devices are now “the easiest entry point into corporate systems”, especially in hybrid working environments. 📊 Today’s Reality Check for UK SMEs Most attacks still succeed due to human error, not technical failure Email, suppliers, and mobile devices are the top three risks AI is making attacks faster, cheaper, and more convincing SMEs remain the preferred soft target Not because they’re unlucky. Because they’re easier. 🧠 What This Means (Without the Corporate Nonsense) If you run a small business and think: “We’re too small to be targeted” “Our IT guy has it covered” “We’ve never had an issue before” That’s not reassurance. That’s exactly what attackers are counting on. 🔐 Practical Actions (Minimal Effort, Maximum Damage Control) Turn on multi-factor authentication across all systems Run phishing simulations so staff stop clicking everything shiny Review supplier access and permissions Implement basic mobile device controls (MDM or at least policies) Keep offline backups and actually test them Cyber criminals are running this like a business. Efficient, scalable, constantly improving. Meanwhile, a lot of SMEs are still debating whether password123 needs a capital letter. That gap is where the damage happens. Post navigation UK AI for SMEs: Opportunity, Risk and Reality Small Medium Business UK AI News: Adoption Booms… but Results Still Lag Behind