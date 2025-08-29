So far this year, M&S, Co-op, Cartier, Harrods and most recently, LVMH, have become victims of cyber attacks. While these events involving big name brands have captured headlines, they’re not the only ones.

New research has revealed that over half of UK businesses have experienced a cyber attack in the past three years alone, proving no organization is beyond the reach of cybercriminals. More startlingly, they’ve suffered a staggering £64bn loss in direct and indirect costs as a result.

As the cyber landscape continues to evolve, AI continues to democratize attacks, cyber groups become more entrepreneurial, and attacks from hostile nation states escalate, that figure is only set to rise.

Reports suggest M&S singlehandedly suffered a £300m profit loss due to the attack on its systems carried out by ScatteredSpider. This must serve as a warning to others. Businesses of all types must act to minimize the devastating impact attacks can have on business growth. Because it doesn’t matter how big or well-known you are. Everyone is at risk.

Shifting from a reactive to proactive cybersecurity strategy can help organizations stay ahead of evolving threats. The investment can mitigate the need to pay out potentially huge sums of money in the wake of the attack, and what’s more, there’s proof it has a positive impact on turnover.

Jake Moore Social Links Navigation Global Cybersecurity Advisor for ESET.

Under preparation increases cyber costs

The rise of AI, increased exposure to international threats and the emergence of Cybercrime-as-a-Service (CaaS) are making the cyber landscape more challenging than ever.

The growing threat of attack methods like ransomware, phishing and supply chain attacks continue to impact businesses of all sizes. Despite this, businesses are often reluctant to implement advanced security measures due to initial high costs involved.

While these costs do initially appear steep for businesses with stretched budgets and other pressing priorities, they pale in comparison to the potential fallout of a cyber attack. The average cost of an attack can reach £721,000 for small to mid-size enterprises (SMEs) and run into the millions for large businesses. For SMEs in particular, this cost can be crippling.

Despite these potentially devastating costs, nearly half of UK businesses still admit to managing cybersecurity fully in-house. But faced with evolving and highly sophisticated threats, a fully in-house approach lacks the external expertise that is vital for keeping pace with cybercriminals.

Resiliency is a cyber must-have

Another major financial challenge for businesses is soaring cyber insurance premiums. But, it has to be said that they are a necessary investment in today’s threat landscape. In fact, the Cyber Security and Resilience Bill, due to be implemented in the second half of 2025, will require businesses to demonstrate cyber resilience, of which comprehensive cyber insurance is a crucial component. With the new bill coming into effect imminently, businesses must prioritize attaining proper insurance sooner rather than later.

And yes, premiums can be high. But having the right cyber protection in place can help to drastically reduce them. In fact, personal experience has shown that implementing measures like an extended detection and response (XDR) platform, multi-factor authentication and vulnerability scanning, can lead to a reduction in insurances premiums of up to 75%.

Cybersecurity as a revenue driver

More UK businesses are considering cybersecurity a strategic priority, with 77% planning to increase their cyber budget over the next year, and for good reason. On average, UK businesses generate an estimated £27bn in additional revenue annually from investing in cybersecurity.

While well-established and widely known brands can rectify the reputational damage breaches can cause, for smaller or less well-known companies, a negative reputation could be devastating. You cannot put a price on reputation.

So, by implementing measures like expert-managed solutions and robust threat detection, businesses can not only reduce their own cyber risk, but prove strong cyber credentials. As customers become increasingly cyber aware, this can now we a deciding factor in winning new business over competitors.

What’s more, outsourcing cybersecurity is cited by 68% of businesses to improve information technology (IT) systems in efficiency, increased performance and reduced IT downtime. Nearly half of respondents also said robust cyber security infrastructure had enabled them to take on more risk such as entering new markets or adopting emerging technologies.

Previously only viewed as a protection measure, businesses are gradually adopting the mindset of strong cybersecurity ultimately boosting streams of revenue and internal efficiencies, providing benefits beyond ‘simple’ security.

As cyber threats evolve, cybersecurity must as well

Reactionary cybersecurity can cost more than 10 times as much when recovering from an attack as businesses would spend on proactive measures.

By implementing cybersecurity, businesses can maximize efficiency, enhance customer trust and position themselves for sustained competitive advantage in an increasingly digital economy.

Early investment carries immense financial and operational benefits, but businesses must be well supported and educated on the necessary cyber measures to suit their specific business needs.

Cybersecurity is evolving as the threat landscape continues to be a growing concern. For some businesses, adopting cyber measures to protect against perceived threats is not enough and only by shifting mindset to see security as a revenue driver will UK businesses fully adopt the necessary measures.

