Full Report
Experts argue the case for “communities of support” to boost SMB cyber-resilience
Analysis Summary
# Industry News: SMB Cybersecurity Support Networks Fragmented, Hindering Resilience
## Summary
Experts at Infosecurity Europe 2025 highlighted that while cybersecurity awareness is high among UK Small and Medium-sized Businesses (SMBs)—it's their second biggest concern after inflation—the actual support ecosystem is too fragmented. A government-funded project (CyCOS) found that a lack of a single, comprehensive source for reliable advice leaves SMBs confused about where to turn for necessary guidance to build cyber resilience.
## Key Details
- Date: June 4, 2025 (During Infosecurity Europe)
- Companies Involved: University of Nottingham (leading the CyCOS project), Various Government, IT Industry, SME, and Insurance sector organizations providing advice.
- Category: Market Analysis/Industry Observation
## The Story
During the Infosecurity Europe 2025 event, a panel discussion concerning the state of SMB readiness revealed a critical gap: access to actionable, organized support. Citing the VikingCloud 2025 SMB Threat Landscape Report, experts confirmed that cyber risk is a top-of-mind issue for small businesses. However, Steven Furnell of the University of Nottingham, involved in the CyCOS project, presented findings showing that current guidance sources from regulators, industry vendors, and insurance bodies are highly inconsistent. No single source covers all critical issues, and coverage of specific issues varies widely across providers, leading to a confusing and fragmented experience for SMBs seeking to implement coherent defense strategies.
## Business Impact
### For the Companies Involved
- **CyCOS Project/Academics:** Validation of the problem provides a mandate for further research and the potential development of standardized frameworks or centralized resource hubs.
- **Vendors/Advisors:** Current marketing and outreach strategies are failing to reach SMBs effectively due to the noise and fragmentation, necessitating better collaboration or consolidation.
### For Competitors
- Companies that can successfully aggregate, simplify, and deliver consolidated cybersecurity guidance risk gaining a significant competitive edge in the often-neglected SMB advice space.
### For Customers
- SMBs continue to struggle with decision paralysis when seeking cybersecurity help, potentially delaying necessary investments and leaving them exposed to risk despite high awareness.
### For the Market
- This signals a clear market efficiency failure where demand (high concern among SMBs) is not being met by organized supply. It suggests a long-term need for consolidation, standardization, or stronger government intervention to streamline SMB cybersecurity support.
## Technical Implications
Not directly related to specific technology, but the fragmentation implies disparate technical advice regarding tool selection, implementation, and best practices (e.g., endpoint security vs. cloud configurations).
## Strategic Analysis
- **Market Positioning:** The current landscape positions specialized consultants or large MSSPs who *can* synthesize fragmented advice as valuable, despite the inherent confusion in the market.
- **Competitive Advantage:** Vendors or organizations that champion standardization or create clear referral pathways stand to build significant trust within the SMB segment.
- **Challenges:** Overcoming established silos between government bodies, industry associations, and commercial vendors to create a unified front is a significant coordination challenge.
## Industry Reactions
- **Analyst Opinions:** Analysts are likely to view this as a major hurdle for widespread SMB digital transformation and resilience, reinforcing the idea that security complexity is a barrier to entry for smaller firms.
- **Expert Commentary:** Experts are pushing for clearer governmental leadership or industry consortia to curate trusted, baseline resources.
- **Market Response:** Likely to spur discussion around the creation of federated cybersecurity hubs or reference architectures specifically tailored for the SMB segment.
## Future Outlook
- We can expect governmental bodies or industry groups to launch initiatives aimed at standardizing the messaging or consolidating accredited advice sources.
- Vendors targeting SMBs will need to invest in simplifying their communication to address the complexity identified by the CyCOS project.
## For Security Professionals
Security consultants and Managed Security Service Providers (MSSPs) focused on the SMB segment should leverage this identified confusion. They can strategically position themselves as the essential "translator" or "integrator" who cuts through the noise and provides a coherent, curated roadmap for their clients.