
Fewer than one in five UK businesses training staff to look for 'basic cyberattacks' as firms lost close to £1billion last year

A business finance expert has revealed his best advice to companies facing the squeeze on their finances

Fewer than one in five businesses are training staff on basic cyberattacks due to budget constraints. Picture: Alamy

By Alex Storey

Fewer than one in five UK businesses are training staff on the threat of basic cyberattacks, with budget constraints to blame, a new study has revealed.

Figures shared exclusively with LBC show that just 18 per cent of bosses say they test staff to look out for potential scams.

Small and medium firms saw a 93 per cent surge in cyber incidents over the past year, resulting in an estimated £921.2 million in losses, data released by money.co.uk has revealed.

To mark LBC's Online Safety Day, a technology expert has warned of cybercrime becoming more "sophisticated" and is encouraging employers to bolster their defences and boost education for staff.

Business finance expert Joe Phelan told LBC: "The survey data highlights that fewer than one in five UK firms (18 per cent) tested staff with mock phishing exercises in the previous 12 months.

"This is despite phishing being the leading cause of cyber breaches, reported by 85 per cent of businesses."

The figures also revealed that just 15 per cent of companies have adopted 'cybersecurity vulnerability audits' - a tool used to locate "weak spots" in defences which could be "exploited" in an attack.

Likewise, 88 per cent of businesses acknowledged not using "penetration testing", a method that typically involves hiring experts to simulate a cyberattack, enabling chiefs to address any security gaps before a real attack.

Finally, only nine per cent survey "threat intelligence" - an up-to-date information tool informing bosses of known cyber threats such as attack methods or criminal networks.

Small and medium firms have seen a 93 per cent surge in cyber incidents over the past year. Picture: Alamy

Risk assessments were revealed as the most common defence, with 29 per cent of UK businesses having some form of this measure in place.

Acknowledging that businesses are facing a tough time in the current climate, Joe suggested small cost-free changes bosses can implement.

He said: "It’s also the case that many businesses are facing financial pressures, with nearly a third reporting turnover decreases in January compared to the previous month, and 13 per cent expecting their turnover to decrease in March, according to the latest ONS figures.

"When margins are tight, a single successful phishing attack can be far more damaging. To reduce that risk, it could be a good idea to run regular simulations that let employees safely practise spotting and preventing attacks.

"You could also introduce a two-person verification policy, or ‘four-eyes principle’, for all outgoing payments and banking changes.

"This can be an effective, no-cost protection to better look after your business finances. According to the 2025 Phishing By Industry Benchmarking Report, organisations that implement a strong security awareness program see a significant drop in phishing susceptibility.

"Just 90 days of training can reduce the risk of phishing breaches by over 40%, and after a full year, the overall risk drops by 86 per cent."

Last year, LBC also revealed that cyberattacks are costing UK small businesses close to £1billion a year.

Joe added: "The way cyberattacks are being carried out is becoming more sophisticated, especially with the advancement of AI, but phishing attacks still target the same thing - human error.

"But while staff training is an important preventive measure, it’s not enough on its own.

"Cybersecurity training must be paired with other defences, including close monitoring of company finances to spot any unusual activity.

"Separating business finances into a dedicated account can also help, making unusual transactions easier to detect and giving access to fraud-prevention tools that aren’t always available on personal accounts."