Two million remote working businesses sitting ducks for cyber-attacks, according to research

Tuesday 14th December 2021

Man's finger clicking a laptop keyboard
  • Three quarters remote working businesses have no plan in the event of a cyber-attack, while 2 in 5 of these businesses admit they haven’t given the prospect a cyber-attack much thought
  • Smaller businesses 20% more at risk than larger ones
  • Just 23% of remote working businesses have invested in new software in the past year

With remote working being a feature of business life for the foreseeable future, new research has revealed around two million small businesses are potentially sleep walking into danger without the right contingency plan in place to deal with a cyber-attack.

A survey by Hitachi Capital Business Finance of over 1,000 small business senior decision makers found that around three quarters (73%) of remote working businesses (those working from home and in a hybrid set up) said they did not have a contingency plan for a cyber-attack, while two in five (38%) of these businesses admitted they had not even given the prospect of a cyber-attack much thought.

The results come at a time when ransomware attacks in the UK have doubled in a year, according to the GCHQ, with the director of GCHQ, Jeremy Fleming, saying cyber-crime is “largely uncontested” and “highly profitable” to criminal organisations[1].

In the past year, just 23% of remote working businesses had invested in new software.

Smaller businesses were found to be more at risk. Those with fewer than 10 employees were 20% more likely to be at risk from the damaging effects of a cyber-attack, according to the research. Four in five (83%) micro-businesses said they did not have a cyber-attack plan (with over a third (37%) admitting they had not given it much thought), compared with 67% of businesses with more than 50 employees.

By sector, the results suggested that those in media and marketing were among the most at risk. Over two thirds of small businesses in this sector planned to work remotely for at least the next six months, however 83% had no cyber attack plan in place (with a third admitting they had not given the issue much thought). Similarly, for those in retail (56% working remotely), 83% had no cyber attack plan in place (with a quarter admitting they had not given the issue much thought).

In terms of tech sophistication, 44% of remote working small businesses felt they were not using technology operationally each day to its fullest extent. Of these around 10% admitted that their tech capabilities held them back as a business, while the remainder believed they were behind the leaders in their market.

Joanna Morris, Head of Insight and Marketing at Hitachi Capital Business Finance, commented: “The shake up caused by the pandemic for small businesses produced enormous change to working practices for most, and as the dust of the pandemic gradually settles and the picture becomes clearer, remote working will be a more prominent feature than it was. As businesses transition to a new permanent way of working, areas will be exposed that could be exploited. As the number of businesses moving operations online increases, so too will the number of ransomware attacks.

“The fact that so many businesses working remotely do not have the right plans in place, or have even given this much thought, is a concern. Not keeping websites and systems up to date could allow hackers to steal staff, client or customer data, or damage a business’s reputation. Investing in proper security systems needs to be at the top of a list of priorities. Only with this peace of mind will it be possible to plan effectively for the long term.”

[1] (

Notes to editors

2 million figure

There are 5.5 million small businesses in the UK in 2021 according to the FSB:

50% are planning to work remotely for at least the next 6 months (22% working from home; 28% hybrid working), according to Hitachi Capital Business Finance research (equating to 2.75 million small businesses)

76% of 2.75m is 2,007,500

Small business research

The research was conducted in October 2021 by MaruBlue among a representative sample of 1,464 small business decision makers spanning industry sectors.