Gen Z workers are being banned from working-from-home after being targeted by hackers looking for a ‘back door’ access into businesses.
A new report from Vodafone Business has lifted the lid on a worrying lack of cybersecurity awareness and protection among the nation’s small to medium enterprises (SMEs).
Nearly half (48%) of 18 to 27-year-old staff at small firms were targeted by cyber criminals while working from home last year.
In every case, the junior staff member was then ordered to work back in the office by their boss, according to the survey of 1,000 business leaders at SMEs.
Millennials were the second biggest targets, with scammers attacking nearly a quarter (23%) of 28 to 43-year-old WFH staff in 2024.
On average, nearly a fifth (19%) of WFH staff were targeted by malicious attempts to access data last year.
Two-thirds (64%) of firms regularly have staff working from home or at other off-site locations, while nearly two-thirds (60%) of SMEs let staff to use their own IT equipment.
According to Vodafone Business, Britain’s SMEs are incurring annual losses amounting to £3.4billion due to inadequate cybersecurity measures, according to the report.
The ‘Securing Success: The Role of Cybersecurity in SME Growth’ report found the average cost of a cyber-attack for a small firm is £3,398, rising to £5,001 for SMEs with 50 or more staff.
Vodafone is advocating for businesses to better equip their employees with essential cybersecurity tools to ensure their safety online no matter where they are logging in.
Phishing remains the most prevalent form of attack, with seven in 10 (70%) of firms experiencing attempts to steal sensitive information through email, SMS, phone, or social media.
Ransomware, affecting nearly a quarter (23%) of businesses, locks or corrupts files until a ransom is paid.
Many SMEs do not have a comprehensive cybersecurity strategy in place due to budget constraints, limited expertise, and competing business priorities.
A third (32%) of firms have no cybersecurity protections in place at all, while just over a third (38%) invest less than £100 a year in protecting their data.
To try and stem the problem, more than one in eight (15%) SME employees have been banned from working from home due to the risk of falling victim to a cyber-attack.
Vodafone Business, a leading advocate for SME digital transformation, has reinforced the importance of proactive cybersecurity investments.
SMEs cornerstone of UK economy
Mathew Evans, Chief Operating Officer, techUK said: ‘Accounting for 99.8% of the UK’s business population and employing two-thirds of the workforce, its indisputable that SMEs are the cornerstone of our economy.
‘We also know that their digitisation is a key lever for growth and, in order to seize the opportunities that technology offers and unlock productivity, SMEs must take cyber security and resilience seriously.
‘Vodafone UK’s report highlights the significant impacts that cyber-attacks are having on the UK’s SMEs, including an estimated £3.4 billion per year in lost revenue and 28% of SMEs saying that a single attack could put them out of business – demonstrating that that there is still much to do to build resilience and raise awareness about cyber security as a critical business and growth enabler.
‘TechUK has called for government’s Industrial Strategy to have a greater focus on raising technology adoption across the UK’s SMEs to increase productivity and to recognise cyber resilience as integral to growth.
‘The findings and recommendations of this report only further underscore the need to give SMEs the attention they deserve, and to support them in implementing robust plans to build and increase their cyber resilience.’
To provide SMEs with the necessary tools and knowledge for strengthening their cybersecurity defences, Vodafone is offering a complimentary one-month trial of CybSafe, the leading human risk management platform that utilises AI, data, psychology, and behavioural science to assess and enhance cybersecurity behaviour, awareness, and culture within organisations.
The trial version grants essential access to the platform’s education and training sections, featuring various modules designed to increase staff confidence in handling potential cyber threats, such as phishing or ransomware attacks. Additionally, the trial version can accommodate up to 100 employees.
Nick Gliddon, CEO, Vodafone Business UK, said: ‘SMEs are the backbone of our economy, yet they are losing a staggering £3.4billion annually due to inadequate cybersecurity.
‘In today’s rapidly evolving digital landscape, cyber threats are becoming more sophisticated, and SMEs are increasingly in the crosshairs of cybercriminals. Investing in robust cybersecurity is no longer optional – it is a business imperative for protecting sensitive data, maintaining customer trust, and ensuring long-term resilience.
‘At Vodafone Business, we understand the critical role SMEs play in driving innovation and growth, and we are committed to equipping them with the right tools and expertise to stay protected.
‘However, SMEs cannot tackle this challenge alone. Greater collaboration between businesses, industry leaders, and government authorities is essential to providing these businesses with the resources, education, and support they need to strengthen their cyber defences. By working together, we can create a safer, more secure digital environment that empowers SMEs to grow with confidence in an increasingly connected world.’