How small businesses can win the war against fraud, cyber threats and insider risks.
Today, 1st September, marks a watershed moment in UK business security. As the failure to prevent fraud offence under the Economic Crime and Corporate Transparency Act 2023 comes into force, large organisations across the country are scrambling to demonstrate they have “reasonable procedures” in place to prevent fraud.
But what does this mean for the millions of small and medium-sized businesses that form the backbone of the UK economy?
While the new legislation primarily targets organisations with over 250 employees, turnover exceeding £36 million, or assets above £18 million, the underlying message is clear: the age of reactive security is over. The future belongs to businesses that proactively prevent threats rather than merely respond to them.
The stark reality: FUD is real and growing
The statistics paint a sobering picture of the threat landscape facing UK businesses in 2025:
Cyber threats are escalating
- 43% of UK businesses experienced cyber breaches or attacks in 2025, with retail and healthcare bearing the brunt of ransomware campaigns
- UK businesses faced over 7.78 million cyber-attacks in 2024 alone
- Phishing attacks caused 85% of all business cyber incidents, increasingly powered by AI-generated messaging
- The average direct cost of a UK cyber-attack has risen to £10,830 per incident
Fraud reaches record levels
- UK businesses reported 3.3 million fraud incidents in 2024 – an all-time high
- Total losses from unauthorised transactions increased 2% to £722 million
- Approximately £1.45 billion worth of fraud was prevented by financial institutions, indicating the true scale of attempted attacks
- Fraudsters are exploiting AI to target high-volume, low-value transactions that often slip under traditional detection systems
Insider threats multiply
- Nearly one in three security breaches across enterprises are linked to insiders
- 20% of businesses experienced cyber-crime in the last year, often connected to insider causes including staff errors, access misuse, and collusion
- Remote working and cloud platform adoption continue to drive up exposure to insider risks
The prevention-first approach: your shield against FUD
The good news? Small businesses have unique advantages in the fight against these threats. Unlike large corporations constrained by complex legacy systems and bureaucratic processes, smaller organisations can implement agile, focused prevention strategies that deliver maximum protection for minimal investment.
1. Insider threat prevention: know who you are hiring
The challenge: with nearly one-third of security breaches linked to insider threats, your greatest risk might be sitting at the desk next to you.
The solution: comprehensive employee screening and ongoing due diligence.
Practical steps for small businesses
- Implement thorough background checks for all new hires, scaled to the role’s risk level
- Establish clear baseline behaviours for normal system usage and data access
- Conduct regular access reviews to ensure employees only retain permissions they need
- Create anonymous reporting channels for suspicious behaviour
- Develop employee assistance programs to address personal issues before they escalate to security risks
- Implement the principle of least privilege: give employees only the access they absolutely need
Cost-effective implementation: many small businesses can leverage existing HR processes and simple monitoring tools. The investment in proper screening and basic access controls is minimal compared to the potential cost of an insider incident.
2. Fraud prevention: make due diligence your first line of defence
The challenge: with 3.3 million fraud incidents reported by UK businesses in 2024, fraud prevention can no longer be an afterthought.
The solution: rigorous due diligence on partners, suppliers, and transactions.
Practical steps for small businesses
- Verify the identity and legitimacy of all new business partners and suppliers
- Implement multi-layered verification for high-value transactions
- Establish clear financial controls and segregation of duties
- Regular audits of financial processes and transactions
- Employee training on recognising fraudulent requests and social engineering tactics
- Implement strong authentication measures for all financial systems
The due diligence advantage: small businesses can often conduct more thorough, relationship-based due diligence than larger organisations. Use this personal touch as a competitive advantage in preventing fraud.
3. Cyber security: assessment before investment
The challenge: with cyber-attacks costing UK businesses an average of £10,830 per incident, the temptation is to throw money at expensive security solutions.
The solution: conduct a comprehensive risk assessment before purchasing expensive interventions.
Practical steps for small businesses
- Conduct a thorough security audit to identify your most critical assets and vulnerabilities
- Map your data flows and identify where sensitive information is stored and transmitted
- Prioritise investments based on risk impact rather than vendor recommendations
- Implement basic security measures first: strong passwords, multi-factor authentication, regular updates, and employee training will massively improve your situation
Smart investment strategy
Rather than buying the latest expensive security tools, focus on foundational security measures that address your specific risk profile. A £500 investment in proper backup systems and employee training often provides better protection than a £5,000 security appliance you don’t fully understand or maintain.
The new legal landscape: what small businesses need to know
While the failure to prevent fraud offence doesn’t directly apply to most small businesses, its introduction signals a broader shift in regulatory expectations. The principles underlying the legislation (proactive fraud prevention, risk assessment, due diligence, and monitoring) represent best practices that all businesses should adopt.
Key elements of reasonable fraud prevention procedures
1. Top-level commitment: leadership must champion fraud prevention
2. Risk assessment: understand where your vulnerabilities lie
3. Proportionate procedures: implement controls that match your risk profile
4. Due diligence: verify partners, suppliers, and high-risk transactions
5. Communication and training: ensure all staff understand their role in prevention
6. Monitoring and review: regularly assess and update your defences
Your competitive advantage and USP: ‘trust through security’
In an era where consumers cite transaction security as the second most important factor (after price) when making online purchases, robust fraud and cyber security measures aren’t just protective; they are competitive advantages.
Small businesses that can demonstrate strong security practices will:
• Win more customer trust and loyalty
• Qualify for better insurance rates and terms
• Meet the security requirements of larger business partners
• Position themselves for growth without security constraints
• Sleep better knowing they’re prepared for emerging threats
Moving beyond FUD: from fear to confidence
Fear, Uncertainty, and Doubt don’t have to paralyse your business. By adopting a prevention-first mindset and implementing practical, proportionate controls, small businesses can not only protect themselves but thrive in an increasingly complex threat environment.
The key is to start with what you can control: proper screening, thorough due diligence, and smart risk assessment. These foundational elements cost little to implement but provide outsized protection against the threats that cause the most damage to small businesses.
Taking action today
As the failure to prevent fraud offence takes effect today, large organisations across the UK are discovering that compliance isn’t just about having policies; it’s about embedding prevention into the DNA of how business is conducted.
Small businesses now have the opportunity to learn from this shift without facing the regulatory burden. By adopting the same prevention-focused mindset and implementing practical controls tailored to your size and risk profile, you can build a more secure, more resilient business.
Don’t wait for the next cyber-attack, fraud incident, or insider threat to force action.
Start your prevention journey today:
1. Assess – Understand your current risks and vulnerabilities
2. Plan – Develop proportionate controls that fit your business
3. Educate – Train your team to recognise and prevent threats
The age of reactive security is ending. The businesses that thrive in the years ahead will be those that choose prevention over prosecution, preparation over panic, and knowledge over fear.
Your business, your customers, and your peace of mind are worth the investment.
Intelect Group specialises in helping businesses of all sizes develop practical, proportionate security and fraud prevention programs.
Our team of former intelligence professionals and due diligence experts understands that effective security isn’t about the most expensive tools; it’s about the right approach for your specific risks and circumstances.
For more information about building your prevention framework, visit www.intelect-group.com or contact us for a confidential consultation.
