We report an online survey of 85 U.K-based SMEs that explored their threat and coping appraisals towards five common types of cyber-attack: Network being hacked; Data being stolen or encrypted; malware infection; mobile devices being compromised; and phishing email attack. Overall, SMEs’ reported assessment of the risk of an attack was low, particularly for the possibility of their business network being hacked or their data being stolen or encrypted. However, there was an incongruence in their Threat Appraisals since, while they believed the risks to be low, they reported that the impact would be high. In terms of Coping Appraisal, respondents indicated that measures to prevent such attacks were both inexpensive and effective. However, their reported self-efficacy was significantly lower for keeping mobile devices safe and avoiding phishing attacks. We discuss these results taking into consideration additional qualitative data and provide recommendations for SME engagement
