Recent government figures highlight the importance to employers of strengthening their cybersecurity practices. With 1 in 2 UK small businesses identifying a deliberate attempt to breach their information systems (a cyber-attack) last year, and around 1 in 4 experiencing unauthorised access or damage to computers, networks, data or other digital devices (a cybercrime), cyber fraud is a real and pressing threat to businesses.
Businesses of all kinds can be targeted by cybercriminals, who seek to infect digital devices with malware to steal information. Many of these criminals operate overseas, which can make detection and investigation of cyber-attacks significantly more difficult. A data breach can have significant implications, not just for the business's ability to operate but potentially also, in the long term, for its suppliers and customers. Smaller organisations are often targeted because they are seen as easier targets, with many attacks relying on phishing emails, weak passwords or poor data handling practices.
Cyber Action Toolkit
To help businesses tackle these risks, the National Cyber Security Centre (NCSC) has recently launched its Cyber Action Toolkit, designed specifically to help businesses and their clients strengthen their cyber defences.
The free toolkit provides clear, bite-sized actions to help you protect your business from cyber criminals. It tailors its advice based on business size and needs, creating a personalised list of actions. Starting with low-effort, high-impact steps, it guides users through each action step by step, allowing progress to be tracked along the way.
ATT and CIOT resources
In addition, the ATT and CIOT continue to provide guidance to support members in improving their cyber security practices.
The resources include:
- Cyber Security Good Practice Guide
- GDPR Frequently Asked Questions
- Professional Rules and Practice Guidelines (PRPG), which include guidance on record keeping and data protection
The ATT’s and CIOT’s cyber security resources were updated in December 2025. The ATT has also previously shared a summary of cybersecurity tips and checks, offering practical guidance to help reduce the risk of cyber fraud.
For employers, the message is clear: cyber fraud is a business risk that cannot be ignored. By using the NCSC's Cyber Action Toolkit, alongside the updated ATT and CIOT guidance, employers can take practical, manageable steps to protect their businesses and clients.
This article reflects the position at the date of publication shown above. If you are reading this at a later date, you are advised to check that the position has not changed in the time since.