Don’t Wait for a Breach: Lessons Learnt from 2025

Insights from the NCSC Annual Review

The National Cyber Security Centre (NCSC) is the UK’s authority on cyber security, and their latest Annual Review is a real eye-opener. Cyber threats are growing, and no business is too small to be affected highlighting the need for cyber security for small businesses in 2025. In the past year, nearly half of all incidents the NCSC handled were nationally significant, and the number of “highly significant” attacks has jumped by 50% for the third year in a row.

Despite this, cyber security still gets pushed down the agenda in many businesses. It is easy to focus on finances, marketing, or improving your product or services. Whether that is a bakery perfecting a recipe or a consultancy chasing new clients. But the reality is that ransomware, phishing, and supply chain attacks are on the rise, and criminals are targeting organisations of every size and sector. Ignoring cyber security can lead to financial loss, reputational damage, and even business closure.

Key Takeaways from the NCSC Annual Review 2025
  • Ransomware is still a major threat. Criminals do not care what sector you are in; they look for easy targets.
  • AI is changing the game. Attackers are using artificial intelligence to make their methods more effective, so businesses need to keep up.
  • No business is too small. From local shops to national retailers, everyone is a potential target.
  • The volume of incidents is up. The NCSC received 1,727 incident tips in 2024–25, with 48% classed as nationally significant.
    1,727 incident tips received by the NCSC in 2024–25
  • 48% of incidents were nationally significant
  • 1.2 million cyber-enabled campaigns removed by the NCSC’s Takedown Service
  • 10.9 million suspicious emails reported via the Suspicious Email Reporting Service in the last year
  • 316,343 Early Warning alerts sent to customers’ IP addresses in a year

The Cyber Action Toolkit: Practical Help for Small Businesses

With 5 million sole traders, micro, and small businesses in the UK, it is no wonder many people feel overwhelmed by cyber security advice. The NCSC’s new Cyber Action Toolkit is designed to make things simpler. It is a free, step-by-step resource that breaks cyber protection into manageable actions, letting you track your progress at your own pace. Over 2,500 users have already found that this interactive approach helps them take real action, not just think about it. The Toolkit is now available to all small businesses in the UK.

Sophie from Inside Technology tested out the Cyber Action Toolkit and here’s what she had to say:

Sophie Image from Inside Technology

Having tried out the Cyber Action Toolkit myself, I can honestly say it’s a fantastic resource for small businesses and sole traders. Even though we trust the NCSC and their advice, we always think it’s best to trial anything we recommend before passing it on to our clients or readers.

One thing I really appreciated is how the toolkit tailors its advice based on the size of your organisation and whether you have any Cyber Essentials certifications, so you’re not overwhelmed with steps that aren’t relevant to where you are right now. It breaks everything down into clear, manageable steps, and there are helpful videos and ready-made email templates you can send out to your employees. The interface is straightforward and easy to navigate, so you don’t need to be a tech expert to get started.

Overall, I think it’s a great baseline for anyone looking to improve their cyber security. If you haven’t already, I’d encourage you to give it a go, it’s a simple way to start making your business safer online.

Try the Cyber Toolkit Now

Cyber Essentials: Proven Protection

Cyber Essentials is a government-backed certification that shows your business is protected against the most common cyber threats. We’ll follow up on more details about Cyber Essentials in the future however here are some numbers that stand out from the report:

  • 39,790 certifications awarded this year (up 17.5%)
  • 85% of users say it improved their understanding of cyber risks
  • 91% feel more confident about reducing risks
  • 79% believe it boosts client confidence
  • 69% say it increased their market competitiveness
  • Organisations with Cyber Essentials are 92% less likely to make a claim on their cyber insurance

How Inside Technology Can Help

At Inside Technology, we are passionate about making cyber security accessible and achievable for everyone. We are not just here to sell you a service; we want to help you understand what you need and why it matters. Here is how we can support you:

  • Cyber Essentials made simple: We guide you through the certification process, help you put the right controls in place, and make sure you are ready to pass.
  • Guided support: If you find the Cyber Action Toolkit overwhelming or do not have time to tackle it, we can help you work through the steps.
  • Enhanced security as standard: For our managed clients, we implement best practices and provide tools like Keeper password manager to keep your accounts safe.
  • Incident response: If something goes wrong, we are here to help you report the incident, recover quickly, and strengthen your defences.
  • Empowering you: We want you to feel confident about your own infrastructure, so you can spot weaknesses and take action. Keep an eye on our blog or sign up to our newsletter for more tips.

Some security measures, like managing your business’s third-party cloud accounts or setting up zero trust admin controls, will need your involvement. But you will not be on your own; we will guide you every step of the way.

If you are curious about managed services or just want to chat about where to start, get in touch. We are always happy to help, whether you need a full security overhaul or just want to dip your toes in.

Final Thoughts for Cyber Security for Small Business in 2025

The NCSC’s Annual Review 2025 is a reminder that cyber security is everyone’s responsibility. It should be a regular topic on your business agenda, not something you only think about after a problem. With practical tools like the Cyber Action Toolkit, Cyber Essentials and support from Inside Technology, you can take real steps to protect your business, your customers, and your reputation.

Ready to get started?
Try the Cyber Action Toolkit, ask us about Cyber Essentials, or reach out for a chat about managed services and how we can help you stay secure.