Growing cyber threats put North West organisations on the front line in 2026

Cyber security experts are warning that North West organisations should put cyber resilience at the top of their list of New Year’s resolutions for 2026 to ensure that they are protected against growing cyber threats for small businesses.

Cyber experts from the NWCRC found three trends that are converging to make 2026 particularly risky for smaller organisations:

• AI-powered and automated cyber attacks: Cybercriminals are increasingly using automation and generative AI to scale phishing, social engineering and ransomware attacks, making scams harder to detect and more convincing to employees. 

• Expanding digital footprints: More small businesses now rely on cloud services, SaaS platforms, and remote work tools, creating more entry points for criminals. 

• Third‑party and supply‑chain exposure: A growing proportion of breaches in small firms are linked to vulnerabilities at external suppliers or IT providers, rather than direct attacks on the business itself.

A new Microsoft report found that over 70% of human-operated ransomware attacks target organisations with fewer than 1,000 employees. On top of that, recent research from BT found that two in five (39%) of SMEs - a whopping two million organisations in the UK - have not organised any cyber training for their employees. The research from BT also found that the average cost of the most disruptive cyber breach for small or micro businesses is £7,960 and can take months to recover from.

DI Dan Giannasi, head of cyber and innovation at the NWCRC, part of a national network of centres across England and Wales, said: 

“2026 is shaping up to be a defining year for cyber security for smaller businesses and organisations across Cheshire. Cyber criminals often target smaller businesses, education or charities as they know they are an easy target.

“Small businesses and other organisations are the backbone of our regional economy in Cheshire. As a police-backed organisation, we are asking them to take proactive steps now, in order to protect themselves against cyber breaches throughout 2026. 

“The NWCRC offers free cyber training options for Cheshire small businesses, charities and public sector organisations to help them protect themselves against cyber fraudsters. We strongly urge business leaders to ensure that they sign up for this police-backed free offering while funding is still available.”

Practical steps for small businesses and organisations in 2026

The NWCRC recommend that small businesses prioritise practical actions in 2026 including:

Invest time on regular staff cyber awareness training:Educate employees about phishing attempts, social engineering and other cyber attack entry points as human error is a key factor in most successful attacks. 

Install MFA wherever possibleImplement multi‑factor authentication (MFA) on all business accounts where possible, remove unused or old accounts and restrict admin rights where necessary. MFA can block 99% of unauthorised attempts making it the most important protection for any business. 

Password hygiene:Ensure your employees know how to use strong passwords that are unique for every account. They should use a password management tool, such as 1Password, where possible. 

Ensure backups and recovery plans: Maintain and regularly test secure, tested backups so the business can recover quickly from any ransomware or data loss. Also ensure you have a full Incident Response Plan which outlines all of the steps that should be taken in the event of a cyber breach or attack. 

Review suppliers and partnersAssess the security practices of outsourced IT providers, cloud platforms, and other third parties that handle sensitive data or critical services.