20 October 2025

The Evolving Landscape Of Social Engineering

Foot Anstey Solicitors

Contributor



Small British businesses face an evolving cyber threat landscape in 2025, with incidents becoming more sophisticated as threat actors expand their toolkit. Recent data reveals that, in the last year, 42% of small businesses reported cyber security incidents, with the figure rising to 67% for medium-sized businesses. The data indicates that smaller enterprises are not insulated from cyber incidents; threat actors recognise that smaller businesses are more accessible targets than more sophisticated enterprises with greater resources to invest in cybersecurity.

Social engineering remains a popular tool in a threat actor's toolkit, with 85% of British businesses being targeted by email scams. The popularity of phishing amongst threat actors is not surprising. Smaller enterprises often rely on email for critical business communications and may lack formal verification procedures for financial requests. Staff members frequently wear multiple hats, making them more susceptible to social engineering tactics that exploit their broad responsibilities and time pressures. This susceptibility increases as threat actors become more sophisticated in social engineering; some criminals research their targets extensively, crafting messages that reference actual suppliers, customers or recent business activities to establish credibility before striking.

Concerningly, phishing itself is evolving. Quishing (aka "QR phishing") is a technique in which threat actors use QR codes to redirect individuals without relying on methods such as hyperlinked text. What makes quishing particularly threatening is that conventional cybersecurity solutions such as secure email gateways may not be able to detect the threat. The lack of awareness around quishing can contribute to the success of this method; malicious hyperlinks are typically the focus of training material on cyber-safety, while QR codes receive less of the spotlight, although we arguably interact with them more in day-to-day life when visiting restaurants or buying tickets.

Social engineering attacks pose a unique challenge for small businesses due to their operational characteristics and resource constraints. The personalised nature of social engineering combined with information about the business and its personnel on social media means that criminals can craft convincing narratives. Regular staff training is therefore critical as employees must remain aware of how to recognise suspicious communications and report them appropriately.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
