The government plans to consult on tougher protections for the subsea internet cables that carry much of the UK’s data traffic, a reminder that digital resilience is not just a concern for telecoms giants and banks. Small firms that rely on cloud software, card payments, booking systems and supplier portals should use the announcement as a prompt to review how they would keep trading if connectivity was disrupted.
The Department for Science, Innovation and Technology said on 29 May that ministers will propose tougher penalties for intentional or reckless damage to subsea telecoms cables, new security obligations for cable operators and emergency powers to help protect connectivity during major incidents. The detail is expected in a white paper later this year.
For most SMEs, this is not a reason to panic. The UK has a resilient network and the government says most cable faults are not malicious. But the announcement shows that internet infrastructure is now being treated as critical economic infrastructure. That matters for any business whose sales, payments, customer records or operations depend on being online.
What has been announced
According to the government, subsea telecoms cables support the data flows behind everyday communications, supply chains, emergency services, finance and other key industries. It said the subsea cable industry underpins GBP1.4 trillion in daily UK transactions.
The planned proposals would replace older legislation with a clearer framework for damage to cables. Ministers also want to consult on obligations for cable owners and operators to prevent, detect and respond to security compromises in a consistent way. New emergency powers could allow government to direct businesses to protect the infrastructure and minimise disruption to UK connectivity during serious incidents.
The announcement follows concerns about suspicious activity near undersea infrastructure. The government said the UK has around 64 cables and a strong repair capability, with repair vessels normally on scene within eight days when faults occur. It also said up to 97% of faults arise from fishing activity or vessels dragging anchors rather than hostile action.
Why this matters for small businesses
Small firms rarely have direct control over the infrastructure that keeps them online. A local retailer may depend on broadband for stock systems and card terminals. A consultancy may rely on cloud documents, video calls and client portals. A trades business may take bookings through an app, track vans with GPS and issue invoices from a phone. Even firms that think of themselves as offline often depend on digital services somewhere in the chain.
The practical risk is not usually a single undersea cable fault taking down one small business. The bigger lesson is that connectivity is part of operational resilience. If a wider incident affects internet routes, cloud platforms, payment processors or telecoms providers, small firms can be exposed quickly because they often have fewer backup systems and less spare management time.
BritishSME has previously covered why wireless disruption and signal jammer enforcement can matter for shops, trades and local employers. The same principle applies here: infrastructure risks can feel remote until they interrupt payments, alarms, bookings or customer communication.
What to check now
The first check is how the business would take payments if the main connection failed. Retailers, hospitality operators, mobile traders and service firms should understand whether their card terminals have mobile fallback, what happens if the payment provider is unavailable, and whether staff know when it is safe to use offline processing. Cash handling may also need a simple policy if the business normally discourages cash.
The second check is access to core records. If job sheets, bookings, invoices, stock data or customer contact details are cloud-only, decide what information needs to be available during a short outage. That might mean exporting a daily bookings list, keeping emergency supplier contacts locally, or making sure more than one trusted person can access key systems from a backup device.
The third check is communication. Customers are usually more forgiving when they know what is happening. Prepare simple outage messages for your website, social channels, email autoresponder and phone line. If the business has delivery commitments, appointments or time-sensitive orders, decide who contacts customers and in what order.
Review supplier resilience
Many small businesses outsource resilience without realising it. Broadband providers, payment firms, website hosts, booking platforms, payroll systems and cloud software vendors all form part of the business’s continuity plan. It is worth checking service status pages, support routes and any published continuity commitments.
This does not mean small firms need enterprise-level contracts. It does mean owners should know which supplier they would contact first, what support hours apply, and whether a second route exists. For example, a business broadband line backed by a separate mobile data provider may be more useful than two services that rely on the same local fault point.
Where cash flow is tight, prioritise the systems that stop revenue immediately. Card payments, booking access, customer messaging and order fulfilment often deserve attention before less urgent office tools. Our piece on what small businesses should do during banking and app disruption is a useful parallel, because the best response is usually prepared before the outage begins.
Keep the plan simple
A continuity plan does not need to be a thick document. For a microbusiness, one page can be enough: critical systems, backup options, supplier contact details, staff responsibilities and customer messaging. The test is whether someone other than the owner could follow it on a busy trading day.
It is also worth running a light-touch drill. Turn the question into a short team exercise: if the internet goes down for two hours on a Friday afternoon, what can still happen, what stops, and who does what first? That often reveals practical gaps, such as passwords held by one person, card terminals that have never been tested on mobile backup, or phone numbers stored only in a cloud account.
Cyber security should sit alongside this work. An outage can create confusion, and confusion can make staff more vulnerable to phishing messages, fake support calls or rushed payment requests. Make clear that normal verification rules still apply during disruption.
The practical takeaway
The government’s subsea cable proposals are aimed at national infrastructure, but the business lesson is local and immediate. Small firms should not wait for a major incident before deciding how they would trade without their usual connection or platform access.
Start with the systems that bring in money and serve customers. Check payment fallback, keep essential contacts accessible, agree customer messages and test who can access critical tools. The goal is not to predict every infrastructure risk. It is to make sure a connectivity problem does not turn into avoidable lost sales, missed jobs or confused customers.
Sources
- Department for Science, Innovation and Technology, Plan to toughen protections for subsea internet cables amid heightened Russian activity, 29 May 2026
