Cyber Awareness Month 2025: Practical Steps to Build Cyber Resilience
Why October Matters for UK Organisations
Cyber-attacks against UK organisations continue to rise in both frequency and sophistication. The increased use of AI by threat actors has made attacks faster and more effective. In 2024 alone, around 50% of organisations, including charities and SMEs, experienced some form of cyber incident. Notably, 41% of UK SMEs reported financial losses due to fraud, with the average loss sitting at £4,000 per incident.
The impacts go beyond financial damage, extending to data loss, reputational harm, and service disruptions. The UK SME Cybersecurity Threat Report 2025 identifies ransomware, phishing, and AI-driven impersonation as the most pressing threats this year.
What Is Cyber Awareness Month?
Held every October, Cyber Awareness Month serves as a powerful reminder that cyber threats are a daily risk for organisations of all sizes, including those in the third sector and professional services.
From major retailers to local nurseries, recent cyber incidents prove that no organisation is too big or too small to be targeted. Small teams with limited IT budgets and trusted client relationships are particularly appealing to cybercriminals.
Ten Practical Cyber Security Steps for SMEs and Charities
Here are 10 actionable steps organisations can implement to mitigate risk and strengthen resilience:
Regular cyber training and simulations: Conduct training for all staff and volunteers. Maintain an up-to-date cyber security policy.
Frequent data backups: Keep backups on separate or offline networks and test that they can be restored effectively.
Enable multi-factor authentication (MFA): Encourage strong, unique passwords and layer them with MFA.
Implement patch management and endpoint protection: Keep software and systems updated.
Limit access and apply the principle of least privilege: Only give access to data and systems where absolutely necessary.
Develop an incident response and business continuity plan: Test these plans regularly.
Network segmentation and VPN use: Restrict remote access and segment your systems to limit spread during breaches.
Maintain a tested list of suppliers, contracts, and data flows: Be prepared to act quickly if a third-party breach occurs.
Achieve Cyber Essentials certification: Alternatively, consider an independent cyber audit.
Arrange cyber insurance: It’s essential, not optional. Talbot Jones Ltd can advise on the best cover for your needs.
Embedding Cyber Resilience into Daily Operations
The combination of these steps, alongside Cyber Essentials or periodic IT audits, creates a strong foundation for cyber resilience. Integrate these actions into your organisation’s governance and document changes to track your progress.
Cyber insurance and strong security practices should not be seen as alternatives—they work together to reduce the likelihood and impact of incidents.
If you would like guidance on appropriate cyber insurance, contact Talbot Jones today.