’Business leaders have been thrown into an ever-changing and complex landscape,’ says vice president and general manager 

The majority of top bosses at UK small and medium sized enterprises (SMEs) are lacking awareness about the risk of cyber attacks, new figures from Cowbell have revealed.

A survey published by the cyber insurance provider today (27 Septemer 2023) found over three quarters of those operating at the helm of SMEs could not confidently identify a cyber incident at work.

And a further 50% felt they were unable to identify the difference between a phishing and real email.

Cowbell said the lack of cyber education was leaving businesses exposed, with inadequate risk prevention efforts making three in four SMEs a target for an attack.

Simon Hughes, UK vice president and general manager of Cowbell, said: “Business leaders have been thrown into an ever-changing and complex landscape with regards to cyber threats, alongside having to navigate new business processes associated with a rapidly transforming world of work.

”Many have stepped up to keep themselves as robustly protected as possible. However, team-related behaviours and gaps in knowledge highlighted in our research are leaving businesses exposed, showing the need for continual monitoring and action.”


A total of 500 SME UK c-suite and senior managers took part in the survey, which was carried out by Research Without Barriers on behalf of Cowbell.

While the survey highlighted that bosses were lacking awareness about cyber risks, it also found that 77% had no confidence their teams were operating their own devices securely. 

And 89% of bosses said they were not checking with employees to ensure their devices were running the most up to date software.

”If employees aren’t regularly made aware of cybersecurity risks, such as public wifi usage, businesses can find themselves wide open at every coffee shop and neighbourhood their employees work and visit,” Hughes said.

Catherine Aleppo, Cowbell’s UK sales director, added that there needed to be more focus on cyber awareness training.

”Business owners must give their staff the tools and education and ensure they’re continually aware of how to protect devices and digital assets more robustly,” Aleppo added.

”By making training readily available, we as an industry are making an important first step to encourage businesses to adopt a cyber-smart culture, but the research shows there’s still more work to be done.”