UK SMBs Are Now a Named Target: What the Latest NCSC Guidance Means for You
18 June 2026 by James Hoad
For years, most cyber security guidance was written with large enterprises in mind. That has changed. Recent NCSC guidance names small and mid-sized businesses directly, reflecting what attackers already know: smaller firms are frequently the easier route into a supply chain that includes larger, better-defended clients.
For a business with 10 to 100 people, this does not mean building an enterprise security team. It means putting the fundamentals in place, Cyber Essentials as a baseline, verified through CE Plus where it matters, and moving towards ongoing monitoring rather than treating security as a one-off project.
If your business has not looked at where it sits against this guidance, that is the right starting question for a conversation with our team.