It is well known that Small and Medium Enterprises (SMEs) are being targeted by cyber criminals, and that many fall victim to attacks. We carried out an investigation, funded by the Scottish Government, to find out what the state of play was for UK SMEs. We surveyed 361 small businesses (with fewer than 250 employees) across the UK to determine their experience of attacks, attitudes towards cyber security, and to assess their current practices in terms of controls they implement and precautions they take in the cyber domain. We asked them several questions to assess their “cyber situational awareness”, based on Endsley’s (1985) theory. Our questions were aimed at assessing SMEs’ awareness of:
The reality of cyber security threats.
The precautions and controls they could take.
The need to act upon their knowledge.