Cybercrime costs Derbyshire SMEs £84 million a year

Small and medium-sized enterprises (SMEs) across Derbyshire are facing a growing and costly threat: cybercrime. According to new research from Vodafone Business, cyber-attacks are draining a staggering £84 million a year from local firms - and the problem is only getting worse.

Nearly one in three Derbyshire businesses were targeted by cybercriminals in 2024 alone, with more than 10% reporting between one and five attacks. Even more alarming, 5% faced multiple incidents, with some businesses hit more than ten times in a single year. On average, this adds up to a £1,559 loss per business annually.

What’s behind the surge?

Many of these attacks succeed due to limited cyber security defences. Smaller businesses often lack the budget, tools, or expertise to fend off digital threats, leaving them vulnerable to data breaches, system failures, and even reputational damage.

But Derbyshire isn’t alone in this. Across the UK, SMEs are collectively losing £3.4 billion every year to cybercrime. It's a national crisis - and one that’s growing fast.

Key Findings from the Vodafone Study:

• 52% of SME employees haven’t received any cyber security training.

• 32% of businesses operate without adequate digital protection.

• 38% of companies spend less than £100 annually on cyber security.

• 64% have staff working remotely, and 60% allow the use of personal devices for work - adding even more exposure.

  
  

Common types of attacks

The most reported cyber threats among local businesses include:

• Phishing (70%) – Fake emails or messages tricking users into revealing personal or company data.

• Ransomware (23%) – Malicious software that locks systems or data until a ransom is paid.

• DDoS attacks (20%) – Overwhelming a company’s systems with traffic to disrupt operations.

Why cyber security needs to be a priority

With hybrid and remote working here to stay, these findings are a wake-up call. Personal devices and unsecured networks are now prime entry points for cybercriminals.

Some businesses have responded by tightening up remote work policies, but long-term protection will require more than restrictions - it demands investment in people, tools, and training.

Support for SMEs

This is where we come in. At base level, we offer free government-backed advice, inline with the National Cyber Security Centre's guidance. This comes to you in the form of emails over the course of a year when you sign up to the email subscription service/information pack, which takes less then a minute do complete. This advice and guidance is free, and it may contain something that, as a business owner or employee, you might not have considered.

We offer 30-minute chats with our Business Engagement Manager, Andy Maddison. This online chat is designed to put you on the right course when it comes to your business’s cyber security, and as a subject matter expert, Andy will advise on best practices, tactics and techniques to ensure you’re on the right track.

We also offer services like vulnerability assessments and the very popular Security Awareness Training, delivered as part of the CyberPATH initiative. The SAT will upgrade employee knowledge when it comes to looking out for online threats in the work place (or when working from home) via a highly-engaging, non-technical 2-hour session.

Got a question? Get in touch...we’re here – and happy – to help.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).