Cybersecurity Support Networks: Addressing Fragmentation Challenges for Small and Medium-Sized Businesses

Sources of cybersecurity advice and support are overly fragmented, posing significant challenges for small and medium-sized businesses (SMBs) in their quest for cyber resilience, experts have noted. During discussions at a recent cybersecurity event, industry, academia, and government specialists agreed that small businesses are aware of cybersecurity issues but often struggle with where to turn for guidance.

According to the VikingCloud 2025 SMB Threat Landscape Report, cybersecurity ranks as the second greatest concern for British SMBs, just after inflation. Despite this heightened awareness, findings from a recently funded project, Cyber Security Communities of Support (CyCOS), indicate that many SMBs are uncertain about the sources of cybersecurity advice available to them.

Steven Furnell from the University of Nottingham, who is involved with the CyCOS initiative, highlighted the extensive array of websites providing advice on SMB cybersecurity. A casual search reveals numerous resources from governmental, IT, SME, and insurance sectors, none of which comprehensively cover all relevant issues. “Depending on where an SME looks, they may encounter a fragmented understanding of cybersecurity,” Furnell stated.

This confusion is evidenced by statistics showing that only 14% of small businesses have awareness of the NCSC Small Business Guide to Cyber Security. Beyond merely locating an authoritative source of information, Furnell pointed out that many SMBs lack clarity on how to implement guidance. Many interviewees expressed that they feel isolated in their cybersecurity journey, often resorting to professional consultations only when financially feasible.

Amanda Finch, CEO of the Chartered Institute of Information Security, emphasized the need for streamlined pathways to accessible advice and support. “The array of guidelines can overwhelm small businesses; cybersecurity is not their primary focus, and they often operate on tight margins. We need to ensure that cybersecurity advice is both affordable and accessible,” Finch noted.

Introducing Communities of Support

The CyCOS initiative aims to address these challenges by forming community-based support networks in collaboration with various organizations. The goal is to facilitate easier engagement for SMBs in cybersecurity discussions and resources. Furnell encouraged cybersecurity professionals to contribute their expertise to these networks to foster mutual support among SMBs and experts.

“The initiative seeks to promote cybersecurity engagement among SMBs, creating an environment where they can interact with cybersecurity professionals, as well as with each other on a regional or sectoral basis,” Furnell explained.

Sapna Chadha, CEO of the London Cyber Resilience Centre, expressed optimism for this approach, citing the vast number of SMBs and the limited resources available to them. “Creating channels for information exchange can alleviate fears and encourage businesses to seek guidance,” she stated.

Stephen Bell, Head of Cyber Crime Prevention at the Home Office, echoed these sentiments, noting the difficulty in engaging with SMEs. “Businesses tend to respond better when they see their peers taking action. We’re hoping to establish better methods to help SMBs perceive cybersecurity as a manageable area,” he remarked.

The pressing need for increased SMB cyber resilience is underscored by findings that nearly 20% of respondents in the VikingCloud survey indicated their inability to survive a successful cyberattack, with losses above $50,000 posing a severe threat to their business viability.