SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Uk high street office owner worried cyber threats cloud vaults
#
Data Protection
#
Ransomware
#
Digital Transformation

Cybersecurity fears stall UK SMEs' digital ambitions

Thu, 19th Feb 2026
Author image
By Shannon Williams, News Editor

Cybersecurity concerns are the most common barrier to digital transformation among UK small and medium-sized enterprises, according to new research from ISO certification consultancy platform Be Certified.

The survey of 700 SME owners and managers found that 42% cite cybersecurity as the main obstacle to further digitalisation in 2026. Skills shortages and the pace of technological change also featured prominently.

More than half of respondents said digitalising processes is a growth priority. The study found that 55% view process digitalisation as a key priority for 2026. At the same time, 93% said they have concerns about implementing digital changes.

Construction and healthcare businesses reported the highest levels of cybersecurity concern. Nearly half of construction respondents (48%) described it as their top challenge, compared with 47% in healthcare.

The findings come as UK businesses continue to deal with the financial impact of cyber incidents. The outreach accompanying the research cited an estimated annual cost of £14.7 billion for UK businesses. It also referenced National Cyber Security Centre figures showing a 50% rise in "highly significant" cyber attack incidents over the past year.

Risk And Readiness

Respondents also highlighted operational readiness issues. After cybersecurity, 41% said they struggle to keep up with the rapidly changing digital landscape, while 38% pointed to workforce knowledge gaps when using digital tools.

Budget and training constraints also ranked among the top five blockers. The research found that 28% cite a lack of budget for tools, and 24% said they lack resources for workforce training.

These pressures shape how smaller firms approach investment decisions. Many organisations need to modernise workflows and customer services while managing risks linked to data handling, supplier access, and disruption from ransomware or system outages.

Be Certified points to formal cybersecurity frameworks as one route for SMEs that need to demonstrate controls to customers and partners. ISO 27001 is one of the best-known information security management standards, and some organisations use it to set policies, assess risk, and document controls across people, process, and technology.

"Cyber security remains the largest barrier for SMEs in digitalising their operations. As cyber-attacks grow in frequency and sophistication, businesses must ensure they adopt the right security tools to protect their data and processes. For SMEs, it's essential to implement multi-layered security measures in addition to employee training. A cybersecurity framework like ISO 27001 can also help SMEs formalise their security strategy and ensure that their data and systems are protected against emerging threats," said Agnes Sopel, Lead Auditor and ISO consultant, Be Certified.

Calls For Support

SMEs also indicated that funding and training programmes would affect how quickly they can move. Respondents said they want government support through grants, subsidies, and tax incentives.

When asked about preferred forms of assistance, 18% selected grants or subsidies for purchasing digital platforms and software, and another 18% chose subsidised training programmes. Tax incentives for investing in digital tools followed at 17%.

Respondents also highlighted measures linked to staffing and financing. The study found that 15% want financial support for hiring staff, while 14% pointed to low-interest financing schemes.

For policymakers, the findings suggest cybersecurity and digital skills now sit alongside investment capacity as constraints on technology adoption. For industry bodies and supply chain partners, they add to evidence that many smaller firms need practical guidance on procurement, configuration, and staff awareness.

Consultancy Model

The research also looked at how SMEs seek external support. Only 10% said they would consider using a digital consultancy tool. Be Certified offers a platform-based approach to ISO certification and ongoing evidence management for audits.

The survey covered SME owners across several sectors, including retail, IT, and education. Full survey details, including sample and sector breakdowns, are available on request.

The report frames 2026 as a year when many SMEs plan to increase digitisation while reassessing their exposure to cyber attacks. It also suggests demand for structured controls and demonstrable assurance could rise as organisations face customer expectations around data protection and resilience.

Related stories
Wiz expands AI security coverage across cloud & edge
Elastic ties security platform to Google's air-gapped cloud
VPN vulnerabilities don't have to become breaches
CrowdStrike launches AI security coalition with partners
OpenAI rolls out GPT-5.5 with coding & research gains

Top stories

Turning security into a story: How managed service providers use reporting to drive retention and revenue
Barracuda spots 7 million device code phishing attacks
Commvault extends Clumio support to Google Cloud Storage
Commvault brings cloud resilience tools to Google Cloud
Elastic adds Prometheus ingestion & PromQL in Kibana