At a recent Mole Valley Chamber business breakfast, members heard an eye-opening talk from Patrick Milford of the South East Cyber Resilience Centre (SECRC). As a veteran police officer with nearly 30 years of experience in homicide and specialist crime, Patrick now helps businesses stay one step ahead of the growing threat of cybercrime.

“It’s not if, it’s when” – the cyber threat facing businesses

Patrick began by explaining that cyberattacks don’t just target large corporations like M&S or Jaguar Land Rover. “Criminals don’t care if you’re a local shop in Dorking or a national retailer,” he said. “They’re not attacking you personally – they’re scanning for weaknesses. To them, you’re an IP address, not a name.”

He highlighted how many businesses underestimate the risks of cybercrime, believing it’s too expensive or too technical to worry about. But the reality is simple: if you’re connected to the internet, you’re vulnerable.

The financial fallout of a cyberattack

If cybercrime were a country, it would have the third-largest GDP in the world – bigger than Germany, smaller than China. That money is coming from somewhere, and too often it’s from unsuspecting small businesses.

Patrick shared that 60% of small businesses fail within six months of a cyberattack due to the disruption and recovery costs involved.

He also cited the 2014 Morrisons data breach, when an insider leaked 100,000 staff records – costing the supermarket £2.6 million to put right. The lesson? Internal controls and smart access management are just as important as external defences.

The first line of defence: your people

Around 90% of successful cyberattacks begin with a phishing email. Patrick’s message was clear: “Start with your people. You can buy great technology, but if your staff don’t know how to spot a suspicious link, it’s money wasted.”

He encouraged all businesses to take advantage of the SECRC’s free cyber awareness training, helping teams recognise and report phishing emails before they do damage.

AI and automation: a cybercriminal’s dream

The rise of artificial intelligence has made it easier for criminals to commit cybercrime. “You used to need deep technical knowledge,” Patrick said. “Now you can buy everything you need on the dark web and let AI do the rest.”

At the same time, small businesses are becoming more digitally dependent — using online payment systems, social media and cloud platforms. “That creates more entry points for attackers,” he added. “It’s a perfect storm of vulnerability.”

What happens when your business gets hacked

Patrick walked attendees through a typical ransomware attack. “Criminals break in, lock your files, and demand payment to unlock them,” he explained. “But pay once, and they’ll come back again. There’s no guarantee you’ll ever get your data back.”

He advised against paying ransoms, noting that while it isn’t illegal, it rarely solves the problem and can make your business a repeat target for future cyberattacks.

Building cyber resilience for your business

Patrick recommended several practical, affordable ways to protect your organisation from cybercrime:

• • Cyber Essentials starts at around £320, while Cyber Essentials Plus (including external auditing) costs roughly £1,400 + VAT.

  • Certified businesses are significantly less likely to experience cyberattacks and may qualify for free cyber insurance. Get Cyber Essentials certified. This government-backed scheme helps identify and fix common weaknesses.

• Have a cyber response plan. “If your systems went down tomorrow, could you still operate?” Patrick asked. Keep key contacts and processes printed out—old-school, but effective.

• Use free resources. The National Cyber Security Centre (NCSC) provides toolkits and guides for both small and large businesses, helping them prepare for and recover from cyber incidents.

The SECRC: free support for South East businesses

The South East Cyber Resilience Centre is one of nine regional centres across the UK, established by the Home Office to help protect small businesses from cybercrime.

The centre provides free, impartial advice and police-led support, including:

• Free email updates and alerts about current cyber threats.

• One-to-one cyber posture reviews.

• Security awareness training sessions (online or in person).

• Vulnerability and website assessments carried out by vetted cyber students supervised by professionals.

Patrick compared their approach to a fitness plan: “We help businesses go from couch to 5K in cyber terms — building confidence and resilience step by step.”

A final reminder: vigilance is everything

Patrick closed with a message every business owner should hear: “Scammers only need to be lucky once. You have to be vigilant all the time.”

But with practical awareness, training, and support from organisations like the SECRC, even the smallest businesses can protect themselves from cybercrime and cyberattacks — and bounce back stronger if the worst does happen.