Disruption comes in many forms
In 2022, we saw the highest number of businesses close in the UK since records began in 2002, with 345,000 shutting their doors.[1] A record number of firms in critical financial distress was logged in 2024.[2] In 2025, economic uncertainty, an increased cost of labour and materials, and subdued domestic demand have provided continuing headwinds.[3] There is little evidence that 2026 will be rosier.
The number of private sector businesses in the UK at the start of 2025 was 5.70 million, of which 5.68 million were defined as small or medium, with 249 employees or fewer.[4] However, their small size does not equate to a small economic contribution – they have a combined estimated turnover of £2.8 trillion. SMEs’ ability to withstand disruption is therefore critical to the economy.
SMEs operate as small teams, often with limited bandwidth. Increasing revenue, and line items like payroll and inventory, are more tangible and immediately visible than spending time on scenario planning, which can seem wasteful of resources when things are tight across the board. SMEs may assume that the situation in which the business was created will remain stable and that success will remain linear. That is, until they face their first significant disruption.
Disruption can come from many avenues in many forms. It may be a power cut, or it may be the signatory on the bank account cannot be reached for an urgent payment. The issue may be something larger, such as a demand or supply shock caused by something impossible to foresee, such as the outbreak of conflict or a key shipping route being blocked.
Disruption rarely announces itself – it arrives uninvited. The friction may be a cyberattack, as in the recent cases of Marks & Spencer and Jaguar Land Rover.[5] Likewise, it may be a cloud computing outage such as happened at AWS in October 2025, which had ramifications across the globe due to the concentration of cloud providers.[6]
Having a backup is not inefficient
Scenario planning and the creation of constructive duplication in people, policy and processes requires investment in both time and resource. It may rely on external expertise. The process borrows many of the tenets of military wargaming, not to predict the future but to prepare for it.
A simple thought experiment with which to build resilience is to consider what happens if your primary person, process, debtor or supplier for a given activity is not there anymore. What is the back up? In navigation, GPS can be replaced by map and compass. Communication plans have layers of redundancy built in as standard from primary, alternate, through to emergency. In a boat, if an engine fails, then oars or a sail might take over. Resilience is not just operational; it is cultural. Defence organisations embed it into every plan. SMEs can do the same with the right mindset and partners.
Once that exercise is done and chokepoints have been identified, it is time to fill in the second box. Who can make decisions if the primary decision-maker is unavailable? Are your funds accessible by a second account holder? Effective duplication may look like cross-trained staff who can step into adjacent roles, having multiple suppliers where there was once one and investing in resilient IT security measures. Where an immediate secondary avenue is more difficult to identify, insurance may be the next path to explore to ensure that the financial cost of the disruption is covered.
A multitude of frameworks and approaches exist which will suit different organisations better than others, but SMEs should not let that stop them from investigating. Some crisis management and business continuity methodologies seek to identify vulnerabilities at the level of the employee, that of the organisation and the wider industry and economy.
Another path is stress testing. Stress testing sounds like a strategy which is reserved for central banks and global corporates, but it need not be. Pick three plausible shocks – a supplier failure, cyber outage or revenue drop, for instance. Then think through the impact on cash flow, operations and reputation if that circumstance were to happen. Finally, identify and, most importantly, implement, steps to mitigation, whether that be a credit line, backup suppliers, insurance and so on.
The exercise will necessarily take up resource, but markedly less so than if that scenario arrives without preparatory steps being in place. Stress tests are not about predicting the storm – they are about knowing if your roof will hold. It is easier today than ever to run these scenarios. Generative AI can help SMEs model scenarios faster and stress-test assumptions, but technology is no substitute for strategic thinking.
Choosing a banking partner is a critical step in building resilience. Banks sit at the fulcrum of useful networks. They may work with similar companies to your own and can relay their experiences or make links. Bankers spend their time talking to the CEOs and managing directors, allowing them to identify themes and patterns, both positive and negative. A good banker will introduce you to others in their network, who in turn may be able to share their own experiences, processes and tools.
Case studies
The vulnerable firm
A 40-person precision engineering company in Yorkshire supplies components to UK automotive manufacturers. In late 2024, one of its two major suppliers went into administration with no warning. It had no backup plan, no alternative suppliers and no liquidity buffer. Production halted for six weeks while new suppliers were sourced and credit terms negotiated. The delay strained customer relationships and led to penalties under existing contracts. The financial hit wasn’t catastrophic but was significant enough to force layoffs and defer investment.
The prepared firm
A similar sized engineering firm in the same sector faced the same supplier collapse. The firm had mapped its supply chain risks and identified chokepoints, and as such it had already:
- vetted two alternative suppliers and had pre-approved contracts ready
- secured a small credit facility for emergency procurement
- cross-trained staff to handle procurement and logistics.
Within a week, production resumed with minimal disruption. Customer contracts were preserved, and the cost of contingency planning was negligible compared to the potential revenue loss.
Resilience starts with a conversation
Resilience is a discipline in which investment is critical; it doesn’t happen by chance. For SMEs, the cost of planning is almost always lower than the cost of disruption. Stress-testing assumptions, building redundancy and rehearsing scenarios are not abstract exercises – they are simple practical steps that protect jobs, reputations and growth. These conversations rarely start in the boardroom, but they can start with a trusted partner who understands both the numbers and the bigger picture. Banks that think beyond the balance sheet can help businesses prepare for the unexpected and thrive when it arrives.
Start a conversation with us
If you’re an SME looking for a new business banking partner who can also help you with building resilience and planning for the unexpected, and thrive when it arrives, speak to our business banking team today.
Resilience Audit
1. Leadership & decision-making
- Do we have a clear chain of command for emergencies?
- Is there a designated alternate decision-maker?
- Are critical contacts documented and accessible to all?
2. Financial resilience
- Do we maintain a cash buffer or access to emergency credit?
- Are multiple signatories set up for bank accounts?
- Have we stress-tested cash flow for major disruptions (e.g. loss of our main customer)?
3. Operational redundancy
- Do we have backup suppliers for key inputs? Do we know how to set them in motion?
- Are staff cross-trained for critical roles? Is there a single account holder for key IT systems?
- Is there a contingency plan for IT outages or cyberattacks? Who would we call?
4. Scenario planning
- Have we identified our top three disruption scenarios?
- Do we have documented responses for each scenario? Do people know where to find them?
- Are these plans reviewed at least annually?
5. Technology & data
- Are systems backed up and tested regularly? How are the backups accessed?
- Do we have multi-factor authentication and cybersecurity protocols?
- Is critical data accessible offline if needed? How would we access it?
6. External dependencies
- Do we know which customers or suppliers we are most reliant on?
- Do we have alternatives or mitigation strategies for each?
- Are we monitoring regulatory or geopolitical risks that could affect us?
[1] House of Commons Library, ‘Research Briefing: Business Statistics’, 11 November 2024, https://commonslibrary.parliament.uk/research-briefings/sn06152/.
[2] BBC News, ‘’Costs just keep rising’ – jump in firms in trouble’, 24 January 2025, https://www.bbc.co.uk/news/articles/c9vmrpdrk4eo.
[3] KPMG, ‘UK Economic Outlook’, September 2025, https://assets.kpmg.com/content/dam/kpmgsites/uk/pdf/2025/09/uk-economic-outlook.pdf.coredownload.inline.pdf.
[4] Department for Business and Trade, Business population estimates for the UK and regions 2025: statistical release’, 2 October 2025, ‘https://www.gov.uk/government/statistics/business-population-estimates-2025/business-population-estimates-for-the-uk-and-regions-2025-statistical-release.
[5] BBC News, ‘M&S hackers claim to be behind Jaguar Land Rover cyber attack’, 3 September 2025, https://www.bbc.co.uk/news/articles/c4gqepe5355o.
[6] The Guardian, ‘Amazon reveals cause of AWS outage that took everything from banks to smart beds offline’, 24 October 2025, https://www.theguardian.com/technology/2025/oct/24/amazon-reveals-cause-of-aws-outage.