Cyber – A year of wake up calls

In the ever-evolving world of cybersecurity, the past year has made one thing clear – cyber-attacks are increasing in scale and sophistication, and no organisation, regardless of size or sector, is immune.

In just the past few months, major household names like Jaguar Land Rover, Marks & Spencer, and the Co-op have all suffered significant cyber incidents, causing widespread disruption and severe financial losses.

• Jaguar Land Rover was forced to halt production following a cyber-attack in August, estimated to have reduced profits by around £120 million. Production has only just started to resume, having been at a standstill since early September.
• In April, Marks & Spencer and the Co-op supermarket chain were both hit by ransomware attacks that encrypted and locked access to critical company data, leading to losses of approximately £300 million and £120 million respectively. Initially it appeared to be a minor disruption with contactless payment systems going down, and customers unable to use the click and collect service. It quickly escalated, and within days online shopping operations were completely shut down.

These breaches didn’t just disrupt operations, they exposed sensitive data and undermined customer trust, serving as a stark reminder that cyber threats aren’t just headline-grabbing events; they’re a daily reality for organisations everywhere.

43% of UK businesses reported experiencing a cyber breach or attack in the last 12 months, and the risk remains significant for medium and large organisations where attack rates remain high at 67% and 74% respectively.

– Cyber security breaches survey 2025

When it’s not even a cyber-attack

While most of this year’s headlines have reported on the fallout from malicious cyber activity, one of the most disruptive incidents of 2024, the CrowdStrike outage, didn’t involve cybercriminals at all.

A routine software update for CrowdStrike’s Falcon Sensor software contained a flaw that caused Microsoft Windows systems around the world to crash, crippling infrastructure, financial institutions, hospitals, and retailers. Airports faced severe delays, retail transactions ground to a halt, and even NHS services were disrupted. Although a fix was issued quickly, the incident revealed just how interconnected and fragile our digital ecosystem has become and how a single error can ripple across the globe. For companies like Jaguar Land Rover, being a carmaker where ‘everything is connected’ has left them vulnerable, unable to isolate its plants or functions, forcing a shutdown across its operations.

Taking action

It’s not only the high-profile targets that are at risk. Behind the scenes, thousands of SMEs are attacked every single day, often with devastating financial and operational consequences, we just don’t hear about them.

Encouragingly though, many small businesses are taking steps to stay ahead of the threat and increasing their resilience by conducting cybersecurity risk assessments, taking out cyber liability insurance and developing business continuity plans. Hiscox recently reported that over the past 12 months, 59% of SMEs have faced a cyber-attack, but rather than standing still, they are investing, training, and updating systems to keep pace with the evolving landscape.

There’s a broader determination among smaller organisations to stay ahead of emerging risks and it’s paying off. In fact, 94% of SMEs plan to further increase their investment in cybersecurity over the next 12 months, from hiring specialist talent and strengthening training programmes to conducting regular vulnerability checks and reassessing supply chain risks.

– Cyber security breaches survey 2025

Insurance as a service (not just a safety net)

There’s no doubt that in a world where everything’s digital, everyone’s vulnerable, and when it comes to a cyber-attack a quick response can make the difference between a minor disruption and a major crisis.

One of the biggest changes in recent years is how cyber insurance has evolved. It’s no longer a passive policy that quietly sits in the background until disaster strikes. Instead, it’s becoming an active, ongoing service that delivers value long before a breach occurs.

A strong cyber crime insurance policy doesn’t just provide financial support after an incident. It can also equip your business with a range of proactive tools and resources, including:

• Network vulnerability scans
• Phishing awareness training and simulations
• Dark web monitoring
• Real-time alerts on emerging threats

“Your cyber insurance can now act as a partner in prevention, helping you strengthen defences, reduce risk, and respond faster, it’s not just a safety net when things go wrong”.

James Bishop, Cyber Insurance specialist

Cyber threats aren’t going away but with the right mix of security, education, training, and insurance, businesses can not only survive but thrive in the face of growing digital risks.

Want to reduce your cyber risk?

Call 0118 916 5480 and ask for Theo or James to discuss how cyber insurance can help protect your business.