Case studies, fact sheets and interviews offering hints, tips, and inspiration to help your business grow. 

From 7 May 2024, the North East Growth Hub is a project of the North East Combined Authority. We may still refer to "the North East Local Enterprise Partnership" (or "the North East LEP") in some of our older articles. 

How small businesses can protect themselves from cyber-attacks

We spoke to Detective Inspector Martin Wilson of Durham Constabulary (also Head of Student Services at the North East Business Resilience Centre) about what businesses can do to protect themselves from cyber-attacks, and support on offer from the North East Business Resilience Centre (NEBRC).

What is the North East Business Resilience Centre (NEBRC), and why was it established?

The NEBRC is a not-for-profit collaboration between policing, academia, and the private sector that seeks to help SMEs become more secure and resilient to cyber-attacks.

SMEs form the backbone of the UK economy and make significant contributions to GDP and employment. Unfortunately, they are vulnerable to cyber-attacks, with many often failing to recover. The NEBRC is one of a network of national centres that seek to help SMEs protect themselves and if they are attacked, recover with minimum disruption.  

Why is it important for small businesses to be aware of cyber security?

Annual surveys conducted by the UK government show that approximately half of all SMEs experience at least one attack per year and often lack the resources, funds, and expertise to recover.  

What are some of the most common cyber security issues businesses face?

The most pressing issue is one of mindset. Most SMEs know that a cyber-attack can have devastating business impacts, but they discount their vulnerability and rationalise inaction by reassuring themselves they are not important, they have nothing worth stealing, they are not attractive targets for cybercriminals - effectively that they have security through obscurity. This often leads to inaction, resulting in easy pickings for attackers.

The second issue is one of resources; often, the time and money to implement security, understanding what cyber security is, what actions should be taken, and who can be trusted to help. This, again can lead to inaction, putting off for tomorrow what could be done today, resulting in a lack of cyber defenses.  

What support can the North East Business Resilience Centre provide small businesses in the North East?

The NERBC offers police-led, impartial, reduced-cost cyber security help that meets the needs of SMEs.

Each SME engagement is unique, requiring tailored guidance and help that fits an SME’s size, sector, and business needs.

The NEBRC uses government and private sector funding to subside SME help whilst simultaneously harnessing the talent of the next generation of university cyber security students. The NEBRC links students with SMEs, partnering them with industry professionals, to deliver assessments that tell SMEs where they might be vulnerable and what they can do to minimise their risk.  

Is it a free service or is there a cost attached?

Many services are free, but some require funding. The cost is dictated by the size and scope of the proposed work. Any cost is determined via a free, no obligation scoping call; and being a not-for-profit that draws on various funding streams, SMEs are unlikely to get the same service elsewhere at such an affordable price.

Often there can be grant funds that SMEs can tap into to pay for cyber help.  

What are some of the things businesses can do to prevent cyber attacks?

Take care of the basics first; including strong, unique passwords enhanced by 2-step verification (2SV), backup data, and updating software and applications. A lot of great, free, authoritative, and trusted guidance can be found in the National Cyber Security Centre’s small business guide.

Furthermore, NEBRC assessments can really help SMEs understand their cyber risk, and what they can do to reduce it.  

What should a business do if they are the victim of a cyber attack?

Three immediate short considerations include contacting your IT provider to understand the nature and type of attack, its impact, and service level disruption. Contact Action Fraud, the single point of 24/7 cyber reporting for businesses to the police. If there has been a data breach that involves personal information, contact the Information Commissioner’s Office (ICO) within 72 hours of discovering the breach/attack.

You may also consider obtaining legal advice from a knowledgeable data protection lawyer at this point.

Longer-term considerations include risk assessing your business to ensure that such attacks are less likely to happen in the future; something the NEBRC can help with.  

Where can businesses go to find out more about cyber security and the North East Business Resilience Centre?

The NEBRC website is a great place to start. You’ll find links for free core membership, and signing up enables you to get a welcome pack and monthly newsletters with cyber hints and tips.

You can also reach out to the team by emailing


Access more help and support with operating and running your business by visiting the Operations Toolkit on the North East Growth Hub.