Hackers are now targeting people, not just systems - offering bribes to bypass security. UK SMEs must strengthen both culture and technology to stay protected.
The BBC recently revealed that hackers attempted to bribe employees to bypass Multi-Factor Authentication (MFA), offering vast sums to insiders willing to compromise company security. It’s a story fit for Hacker News headlines, but the implications go far deeper for UK small businesses.
This case highlights an uncomfortable truth: as technology defences like MFA improve, cybercriminals are pivoting. Instead of attacking systems, they’re attacking people, through bribery, corruption, and social engineering. For SMEs in sectors like accountancy, legal, and finance, where client trust is everything, this insider threat could be catastrophic.
▪️Insider risk is real: Reports of hackers offering six-figure bribes show that criminals understand staff are often the weakest link.
▪️Financial pressure is fuelling corruption: In the current cost-of-living crisis, a £250,000 offer to “just approve a request” could be life-changing for some employees.
▪️High-trust sectors are prime targets: Businesses that handle sensitive client data face reputational damage as well as financial loss if even one staff member is compromised.
This isn’t just a big-business issue. With SMEs accounting for 99% of the UK economy, hackers know that smaller firms often have weaker safeguards and less formal training in place.
Research shows that over 60% of UK breaches in 2025 involved the human element, with insider-driven incidents up by 32% year-on-year. Technology alone isn’t enough; the real defence is cultural.
To reduce risk:
✔️Normalise scepticism: Encourage staff to question unusual requests.
✔️Empower reporting: Make it easy and safe to report suspicious approaches.
✔️Reinforce values: Link cybersecurity to trust, ethics, and professional standards.
As one ITbuilder client, David Suckling of DSCO, explained:
“We’re trusted advisers to our clients. We needed an IT partner who was a trusted adviser to us. You can’t trust all IT companies, but we can trust ITbuilder”.
Even strong MFA isn’t bulletproof. In 2025, 73% of business email compromise cases involved MFA bypass, often via “adversary-in-the-middle” phishing that steals session cookies.
That’s why managed security isn’t just about tools, it’s about blending technology, training, and culture.
How ITbuilder helps UK SMEs build resilience:
🔸24/7 monitoring and MDR (Managed Detection & Response): Continuous threat surveillance across cloud and on-premise systems.
🔸User awareness and phishing simulations: Practical training to help staff spot and stop attacks.
🔸Compliance alignment: Meeting standards like Cyber Essentials, ISO 27001, and PCI DSS.
🔸Real-time response playbooks: Action plans that remove fear and uncertainty when attacks happen.
What if someone did say yes to a bribe? With ITbuilder’s managed security, even a compromised MFA doesn’t mean an open door.
The system analyses location, device, and behaviour. If a login occurs from Moscow at 3am, or if the “digital journey” is impossible, access is instantly blocked and admins alerted.
This layered approach ensures peace of mind for decision-makers: even if employees make mistakes, the system is ready to catch and contain the fallout.
Accountancy firm DSCO partnered with ITbuilder to overhaul their IT systems. The result?
✔️300% increase in productivity
✔️Seamless remote working before COVID-19
✔️Reduced downtime and improved client service
Technology enabled growth, but culture sealed the deal: DSCO’s people embraced the change, supported by ITbuilder’s collaborative, plain-English approach.
For SMEs, this is the key lesson: the right mix of security technology and staff buy-in doesn’t just protect against bribes and breaches, it fuels growth.
This is the uncomfortable scenario every SME leader must consider. If even one staff member would hesitate before reporting such an offer, your defences are weaker than you think.
Why not run a quick test? Ask your team:
▪️What would you do if you received such an offer?
▪️Would you know how to report it safely?
▪️Do you feel confident that management would back you for speaking up?
Cybersecurity in 2025 is no longer just about firewalls and anti-virus. It’s about defending against corruption, bribery, and human vulnerability.
With ITbuilder’s Managed Detection & Response, user training, and compliance-first approach, UK small businesses can:
🔸Protect against insider risk and sophisticated attacks
🔸Increase productivity by freeing staff from downtime and uncertainty
🔸Certify compliance and demonstrate trust to clients
👉 Let’s make your people your sharpest defenders, not your weakest link.
☎️ Book your free user-awareness session or
✅ Complete our Cyber Readiness Assessment
📩 Get in touch or email us at info@itbuilder.co.uk