Cybercrime continues to hit businesses across the East of England hard, and many of those affected are small, everyday organisations like yours, just trying to get on with their work.
The latest figures from the NFIB Fraud and Cyber Crime Dashboard (Action Fraud) tell a worrying story.
Between 1 March 2025 and 28 February 2026, police forces in Bedfordshire, Cambridgeshire, Essex, Hertfordshire, Norfolk and Suffolk recorded 5,628 cybercrime reports across our region, leading to over £1 million in financial losses.
Worryingly, 182 of those reports came from local businesses, with losses totalling £339.6k. For many small or growing organisations, even a fraction of that impact would be devastating.
And while the number of business reports has dipped slightly compared to the previous year (from 198 to 182), the cost of those attacks has skyrocketed, rising from just £11.3k in losses to £339.6k. This shows that although fewer businesses were targeted, the attacks that did happen were far more damaging.
Despite this, most SMEs we speak to don’t feel “big enough” to be a target, and most tell us that they are already stretched thin, with limited time, budget and energy.
That’s why we’ve sat down with Lucid Systems’ cybersecurity expert Karl Wilkinson to find out what’s really happening here on our doorstep.
In this exclusive Q&A, Karl explains why Suffolk and Essex businesses are targets for hackers, what common mistakes small businesses make without realising, and the simple, cost-effective steps that can make a meaningful difference to your security.
Karl, are cyber threats really increasing for SMEs in Suffolk and Essex?
“Worryingly, yes, they are, and the stats above have confirmed what we’re seeing first-hand. We’re spending more of our time working with small and medium‑sized businesses across Ipswich, Bury St Edmunds, Colchester and Felixstowe, who are facing more cyber threats than ever before.
Criminals are deliberately targeting smaller organisations because, from their point of view, you’re an easier win. They can correctly assume that budgets are tight, cybersecurity is inconsistent, and password or access controls might not be as strong as they should be. This means that they’re not necessarily breaking into your system; they are literally walking through an unlocked door without anyone noticing.
We understand that for most businesses, senior teams are so busy keeping the day‑to‑day running that security naturally slips down the list, not because they don’t care, but because they don’t have the time, money or headspace to deal with it.
What’s changed is the impact of these attacks. Even a single successful phishing email or a compromised password can now lead to serious financial loss, downtime, reputational damage, or a GDPR headache you didn’t see coming. And it’s happening right here on our doorstep.”
Why are so many Suffolk businesses still reluctant to invest in cybersecurity?
“Honestly? It’s because most small business owners still believe ‘we’re not big enough to be a target.’
We hear it all the time. Businesses across Suffolk, and beyond the borders into Essex and Norfolk, often assume that cybercriminals focus only on big brands or national organisations. So, while they might put in the basics, perhaps getting Cyber Essentials or using basic antivirus, they tend to see cybersecurity as something to think about later, when they’ve grown.
The problem is that malicious attackers don’t see you that way. They often target small businesses because you’re busy, juggling ten things at once, and likely to have gaps you just haven’t had time to fix.
For hackers, it’s a numbers game. They want to try and get into as many businesses as possible; they don’t care who they are, what size they are or what sector they are in.”
What are the most significant cybersecurity mistakes local businesses tend to make and why?
“I think the biggest risk is that businesses are often naturally complacent about their security, because if they haven’t been hacked yet, why would they be worried about a hypothetical situation?
But right now, our focus is on reminding businesses in Ipswich and Colchester that it’s no longer enough to worry about IF you get hacked. You need to start worrying about WHEN you’ll get hacked.
Because of this, we spend a lot of time supporting local businesses with the basics that make the biggest difference, including:
- Stricter password policies
- Making sure software updates and patches are applied properly
- Removing old, unsupported devices from their networks
- Turning on multi‑factor authentication (MFA)
- Helping staff spot the signs of a phishing scam, which is still one of the biggest risks for SMEs
These might sound simple, but they’re the foundations of good cybersecurity, and they offer the most protection. And the important thing is that they’re affordable and manageable for businesses of any size, whether you’re a five-person team or a growing organisation with multiple sites.
Many of the local businesses we support started with these essentials before moving on to things like Cyber Essentials certification or more advanced protection. You don’t need to fix everything overnight. What matters is making a start and being continually proactive about improving your security settings.”
How can businesses in Suffolk identify which digital threats pose the greatest risk to their specific operations or industry?
“This is where Lucid Systems comes in, because we don’t expect business owners to keep up with every new threat or trend. That’s what you’re paying us for.
That said, different industries do face different types of risks, and understanding those differences can really help shape your priorities.
For example:
- Retail and eCommerce businesses need stronger protection around payment systems, stock systems, and anything handling customer card data. The recent issues faced by big retailers show how costly these attacks can be.
- Professional services like accountants, solicitors or financial advisers often hold incredibly sensitive client information, so email security, access controls and data backup are critical.
- Healthcare organisations, even small private clinics, are prime targets for ransomware because criminals know that downtime simply isn’t an option.
Our approach as an IT support and cybersecurity service here in Suffolk is simple. At Lucid Systems, we get to know your business, your people, your workflows and your pressures.
Once we understand how you operate, we can identify the most likely risks to your organisation, not just generic threats, and build protection around them. It’s not about drowning you in technical jargon. It’s about giving you confidence, and practical steps that feel achievable, whatever your size or sector.”
If budgets are an issue for SMEs, what are the most cost‑effective cybersecurity measures businesses in Ipswich should take?
“The good news is that some of the most effective protections cost nothing, and they’re often the things small businesses overlook because they seem too simple to matter.
For example, multi‑factor authentication (MFA) is free for most systems, and Microsoft has been clear that it blocks the vast majority of account‑compromise attempts. When SMEs in Suffolk ask me where to start, this is always the first thing I recommend because it offers substantial protection at no additional cost.
From there, the next most affordable but high‑impact steps include:
- Stricter password policies (many SMEs tell us they’ve never changed their passwords, which is exactly what attackers hope for)
- Keeping devices updated and removing legacy devices (because outdated systems and old laptops are often the easiest way into a network)
- Sticking to the essentials (antivirus, anti‑spam filtering, a proper firewall and automatic encrypted backups all work together to form a strong defence layer)
And if you’re unsure where to invest next, I always point SMEs toward Cyber Essentials certification. It’s affordable, strengthens your reputation, can help reduce cyber insurance costs, and shows your clients that you take cybersecurity seriously. For many small businesses in Suffolk, it’s the perfect balance between budget and protection.”
Limiting digital threats requires everyone to work together. How can business owners build a strong culture of cybersecurity awareness?
“This is one of the biggest areas where small businesses can make a difference, and it doesn’t involve buying anything new. Cybersecurity is no longer just an IT issue; it’s a significant people issue.
The first step is simply talking about it. Many SMEs avoid the topic because it feels technical or overwhelming. But your team needs to know what a phishing email looks like, what to do if something feels suspicious, and why certain rules (like MFA or password policies) exist in the first place.
We always say that regular training sessions make a huge impact. These don’t have to be long or complicated; even 10‑minute refreshers help people stay alert. And the truth is, half the risks we see come from someone accidentally clicking the wrong thing while they’re busy.
It’s also important for business owners and senior leaders to show that cybersecurity matters. When employees see their managers taking it seriously, whether that’s completing training themselves or following the same policies, it sets the tone for everyone else. It’s about giving your team confidence and helping them protect the business, their colleagues, and themselves.”
What are the first signs a business in Suffolk might be under attack from a hacker, and how should they respond?
“The early signs can vary depending on the attack itself, but some common red flags include systems running slower than usual, unexpected crashes, strange pop‑ups, login alerts you weren’t expecting, or files suddenly becoming locked or inaccessible.
And of course, in the most serious cases, you may see a ransomware message demanding payment.
If something doesn’t feel right, tell your IT team immediately. That could be your internal staff or your managed IT support provider. We would far rather investigate and confirm it’s a false alarm than be brought in after the damage has been done.
We also recommend that every business have a simple, written ‘What to do if you think you’ve been hacked’ plan. It doesn’t need to be technical, just a clear checklist so nobody panics, and everyone knows what steps to take.
We’ve created a downloadable guide on this because it’s one of the most common requests SMEs make.”
Need help figuring out what your business needs?
At Lucid Systems, we’re always happy to offer simple, jargon‑free advice to help you understand what steps you need to take to keep your business safe. We provide IT support and cybersecurity support to businesses across Suffolk and Essex.
Book a free 15‑minute security check‑in with Karl, and we’ll talk through your concerns and help you figure out your next steps.

