Skip to content

Risks

25 digital risks SMEs should know about.

Each topic has a plain-English explanation, the questions an owner should be asking, and practical things to try today. Themes mirror NCSC and Cyber Essentials coverage.

Theme 1 · 4 topics

Visibility

Knowing what you actually have.

Business-critical system audit

Do you know what technology your business actually depends on?

Hidden business risk in legacy systems

Could one old system stop your business trading?

Legacy technology modernisation

Are you relying on software nobody understands anymore?

Spreadsheet risk review

Are old spreadsheets quietly running your business?

Theme 2 · 5 topics

Access & data safety

Who can do what with company data.

Access control and accountability

Are ex-employees or old suppliers still able to access your systems?

Password and account safety

Could one weak password expose your company?

Protecting business data

Could a simple mistake delete or corrupt important data?

Data protection and compliance readiness

Do you know where your sensitive data is stored?

Manufacturing system resilience

Could one old PC stop your production line?

Theme 3 · 3 topics

Resilience & recovery

When things go wrong.

Backup and recovery confidence

Are your backups real, or just assumed?

Cyber incident readiness

Would you survive a ransomware attack?

Monitoring and early warning systems

Would you know quickly if something was wrong?

Theme 4 · 5 topics

Suppliers, AI & tools

Who's building what.

Independent review of IT suppliers

Are you paying for IT support but still carrying serious risk?

Staff-built systems and AI-created tools

Are staff building business-critical tools without you knowing?

Safe and productive AI adoption

Is AI creating hidden risk inside your business?

Website and portal risk review

Are your customer portals and websites safe?

Change control for growing businesses

Are changes being made safely, or just made?

Theme 5 · 3 topics

Decisions & evidence

Proof, priorities, spend.

Customer trust and security assurance

Can you prove to customers that their data is safe?

IT spend and risk prioritisation

Is your IT spend actually reducing risk?

Practical digital risk roadmap

What should you fix first?

Theme 6 · 5 topics

Foundations (NCSC baseline)

Phishing, mobile, malware, patching, training.

Phishing & social engineering

Can your staff spot a phishing email when it matters?

Mobile and remote work security

Are phones, tablets and home laptops your weakest link?

Malware and endpoint protection

Is your antivirus actually protecting you?

Patching & vulnerability management

Are you running months-old, patched-everywhere-else software?

Staff training & security culture

Does your team know what to do when something feels wrong?