10% of UK Firms at Risk of Collapse from Cyberattack

A significant number of UK businesses are operating on borrowed time when it comes to cybersecurity, with new research indicating that one in ten would likely collapse if hit by a major cyberattack. This stark reality comes despite high-profile breaches at major retailers and manufacturers over the past year raising boardroom awareness of digital threats to unprecedented levels. A survey of 1,000 senior leaders by Vodafone Business found that while 89% felt more alert to cyber risks following incidents at companies like Marks & Spencer and Jaguar Land Rover, a full 10% admitted their organization probably would not survive a similar event.

The financial devastation caused by such attacks is immense. The ransomware incidents affecting M&S and the Co-op Group are estimated to have resulted in combined losses of up to £440 million. For M&S alone, the cost may exceed £300 million after its online operations were crippled for months. The disruption at Jaguar Land Rover had an even broader economic impact, costing the UK an estimated £1.9 billion and standing as the most expensive attack of its kind ever recorded.

This data aligns with a separate Business Resilience Index, which categorizes over a quarter of UK organizations as “at risk.” The index found that average uptime for critical services across these businesses was just 73% over the last year. The Vodafone survey further exposed widespread vulnerabilities in corporate defenses. Alarmingly, the research found that staff commonly reuse their work passwords for up to 11 personal accounts, including social media and dating sites. This dangerous practice opens the door to credential stuffing attacks, where cybercriminals use automated tools to test stolen passwords across multiple platforms.

Compounding the issue, less than half of the businesses surveyed confirmed that their employees have received even basic cybersecurity awareness training. Emerging threats like artificial intelligence are adding another layer of complexity, with 70% of leaders stating that deepfake technology has made them more suspicious of video communications from senior colleagues.

Nick Gliddon, a business director at Vodafone, described the findings as alarming but noted that many essential security measures, like stopping password reuse and improving staff training, are relatively straightforward to implement. There are also signs that policymakers are taking the threat more seriously. A second Fraud Sector Charter for the telecommunications industry, signed by major UK telcos in November, is set to take effect later this year.

This charter mandates several key actions, including upgrading network infrastructure to prevent number spoofing, introducing real-time “traceback” solutions to find the source of suspicious calls, and restoring trust in SMS messages through sender verification. It also aims to improve the sharing of intelligence on AI-generated fraud, such as deepfake voice cloning, and enhance support for victims.

Gliddon emphasized that this government initiative, alongside a new fraud strategy planned for next year, represents a critical step forward. He stated that this focused attention from officials highlights the severe nature of the threat and underscores the urgent need for a collaborative effort between industry and government to combat online fraud and cybercrime effectively.

(Source: InfoSecurity Magazine)