Recent UK Cyber Attacks Show the Urgency for Preparedness
In recent weeks, several major UK brands — including Marks & Spencer, Co-op, and Jaguar Land Rover — have suffered serious cyber incidents, disrupting operations and shaking customer confidence. The National Cyber Security Centre (NCSC) reports that “highly significant” cyber attacks have risen by around 50% over the past year, and that it is handling a serious incident on average every other day.
These high-profile breaches are a stark reminder that no organisation is immune. While big brands make headlines, small and medium-sized businesses are increasingly targeted or affected indirectly through supply chain vulnerabilities. For UK businesses of every size, it’s time to move beyond prevention alone and ensure there’s a clear, actionable cyber incident response plan in place.

The Rise in Cyber Incidents Across the UK
- The Cyber Security Breaches Survey 2025 found that 43% of UK businesses experienced a cyber breach or attack in the past 12 months — that’s over 600,000 businesses.
- Among larger organisations, that figure rises to 74%.
- The NCSC handled 429 cyber incidents this year, with nearly half considered nationally significant.
- Ransomware, phishing, and supply chain compromise remain the most common types of attack.
These statistics highlight that cyber crime is not just a large-enterprise issue. The evolving threat landscape now affects everyone — from retailers and manufacturers to professional services and SMEs.
Why Cyber Attacks Affect Businesses of All Sizes
While large organisations have the resources to recover, smaller businesses often don’t. Yet many are part of the same digital ecosystems, sharing data, suppliers, and platforms. That means:
- Direct attacks — hackers increasingly use automated tools to find and exploit smaller, unpatched systems.
- Supply chain disruption — even if your business isn’t the target, an attack on a customer, supplier, logistics provider, or IT vendor can halt your operations, as happened in the recent Jaguar Land Rover factory shutdown, which halted orders from its suppliers.
- Reputational damage — customers, partners, and regulators expect resilience. A breach can severely affect trust and future business.
The question is no longer if your business will face disruption — but when.

The Most Critical Step: Having a Cyber Incident Response Plan
Firewalls, antivirus, and backups are vital, but having a well-defined cyber incident response plan is what truly limits the damage when an attack happens.
Your plan should clearly outline:
- Roles and responsibilities — who leads the response, who communicates externally, and who reports to insurers or regulators.
- Response playbooks — step-by-step actions for common incidents like ransomware, phishing, or data breaches.
- Communication protocols — how to contact your team, IT provider, and cyber insurer quickly.
- Decision points — when to escalate to law enforcement, legal counsel, or specialist response firms.
- Recovery processes — how to restore systems and verify data integrity.
- Testing and review — run simulated “table-top” exercises to make sure the plan works in practice.
And crucially: keep a paper copy. In many incidents, digital access is lost or encrypted. A printed, offline version ensures that your response plan remains accessible when you need it most.
Strengthening Resilience and Reducing Risk
In addition to a written incident response plan, businesses should adopt broader cyber risk management practices:
- Gain Cyber Essentials certification to demonstrate compliance and reduce vulnerabilities.
- Regularly train staff on phishing and social engineering awareness.
- Review supplier cyber security and continuity measures.
- Implement strong access controls and multi-factor authentication.
- Back up data regularly and store copies offline.
- Ensure your cyber insurance policy is aligned with your response procedures.
Cyber insurance can be a valuable part of a wider resilience strategy, providing access to forensic experts, legal support, PR response, and financial protection when a breach occurs. However, insurers increasingly expect clients to have an incident response plan and strong preventative measures in place.
How We Can Help
At Romero, we help businesses protect themselves before, during, and after a cyber incident.
Our specialists provide:
- Tailored cyber insurance solutions to safeguard against financial loss and reputational damage.
- Cyber risk management consultancy, including the development of offline incident response plans.
- Training and testing to ensure your people know how to act in a crisis.
We help you turn cyber resilience from a technical challenge into a strategic advantage — ensuring your business can recover quickly and confidently from any digital disruption.
Take Action Today
Cyber attacks on businesses like M&S, the Co-op and Jaguar Land Rover prove that the risk is real, growing, and indiscriminate. The best protection is preparation.
If your organisation doesn’t yet have a tested, paper-based cyber incident response plan, or if your cyber insurance cover hasn’t been reviewed in the last year, now is the time to act.