Whilst often derided for various reasons,  PCI DSS can hold the key to addressing the cyber security challenges of the UK's small businesses. 

Working on the assumption that all businesses will need payment for what ever it is they are selling, be it goods or services, the chances are they are, or will be taking that payment using cards. This will necessitate a direct or indirect relationship with an acquiring bank, all of which now provide some form of PCI DSS compliance program.  

For small businesses this generally consists of portal providing access to a compliance self assessment service and the option to initiate external vulnerability scans. Most of the said programs are subscription based and in many instances mandated as part of a card acquiring contract. 

This 'virtual infrastructure' represents the perfect foundation for the delivery of a more comprehensive range of cyber security support services, tailored to the needs of small businesses.  

In essence the plumbing is already there, we just need to turn on the tap!