SME Cybersecurity in 2026: What the SANS Identity Threats Survey Means for UK Small Businesses

Knowledge Section

What is identity security in an SME context?

Identity security means controlling who can access business systems, how they prove who they are, and what they can do once inside. For SMEs, it usually centres on email, cloud apps, finance platforms, and admin accounts. It is one of the most effective ways to improve SME cyber resilience quickly

Why are identity attacks increasing against small businesses?

Identity attacks are increasing because passwords, session tokens, and MFA prompts are easier to exploit than well-defended networks. Many SMEs use cloud services, outsourced IT, and shared permissions, which gives attackers more routes in. Phishing protection for SMEs is therefore a core defence, not a nice-to-have.

How does Cyber Essentials help with identity-related risk?

Cyber Essentials helps by enforcing practical controls around access control, secure configuration, patching, malware protection, and firewalls. It does not solve every identity threat, but it reduces the chance that a stolen account leads to wider compromise. For many UK SMEs, it is the right baseline.

Which Identity Risks Should SMEs Prioritise First?

The biggest identity risks for UK small business cyber threats are usually the least glamorous ones:

1. Phishing and MFA fatigue
Users are tricked into revealing credentials or approving repeated login prompts.

2. Privileged account misuse
Too many users have admin rights, or one shared account controls everything.

3. Poor offboarding
Former staff or contractors retain access long after they leave.

4. Weak supplier access controls
Third parties connect remotely with excessive permissions.

5. Session hijacking and token theft
Attackers steal active login sessions, which can reduce the protection MFA provides.

The NCSC guidance on phishing attacks and Cyber Essentials both point in the same direction: reduce unnecessary access, harden authentication, and make account compromise harder to turn into a wider incident.

What Practical Identity Controls Improve SME Cyber Resilience?

The good news is that high-impact improvements do not require a large security team. For sme cyber security best practices, start here:

1. Turn on MFA everywhere that matters first
Prioritise email, finance systems, remote access, and admin accounts. Use phishing-resistant options where possible.

2. Remove shared and unnecessary admin accounts
Give each person their own account. Limit admin rights to named users only.

3. Review leavers and dormant accounts monthly
This is one of the simplest UK GDPR security measures to tighten quickly. The ICO’s security guidance is clear that access should be appropriate and controlled.

4. Adopt Cyber Essentials controls
The scheme gives SMEs a practical baseline for secure configuration, access control, malware protection, patching, and firewalls. It is often the fastest route to better endpoint security for small business environments.

5. Create a basic cyber incident response process
Document who disables accounts, who contacts your IT provider, and how you report a personal data breach if needed. The ICO personal data breach guidance is particularly relevant if email or customer data is exposed.

For most SMEs, identity security is now business continuity. Secure the account, and you often stop the breach from spreading.

The SANS survey reinforces a simple truth: attackers target identities because identities open doors. For UK SMEs, the smartest response is not more complexity. It is tighter access control, stronger MFA, cleaner admin practices, and alignment with NCSC, Cyber Essentials, and ICO guidance.

Start with a 30-minute identity access review this week; check who has admin rights, where MFA is missing, and which old accounts still exist.