How Execs Can Build Resilience Against Cyber Attacks

Cyber attacks on the likes of Marks & Spencers, Co-op and Jaguar Land Rover (JLR) have become regular headlines, losing businesses hundreds of millions of pounds in 2025 alone.

The UK’s National Cyber Security Centre (NCSC) has written to business executives, including the entirety of the FTSE350, encouraging them to fight together against cyber-criminals.

This comes at a time when the NCSC reports a record of 204 nationally significant cyber attacks handled from 1 September 2024 to 31 August 2025 - up by 89 in the previous 12-monthly report.

According to The Independent, the letter has been signed by UK Secretary of State for Science, Innovation and Technology Liz Kendall, Chancellor of the Exchequer Rachel Reeves, Secretary of State for Business and Trade Peter Kyle, Minister of State for Security Dan Jarvis, and the heads of the NCSC and National Crime Agency.

The Tech Secretary said: “We’ve seen first hand the disruption caused by cyber attacks on major British companies, hitting their bottom line and putting jobs at risk.

“The Government stands ready to help, but cyber security is an issue that demands leadership both from Chief Executives and right across the boardroom.”

Discussing the latest report, Dr Richard Horne, Chief Executive of the NCSC, said: “Cybersecurity is now a matter of business survival and national resilience.

“With over half the incidents handled by the NCSC deemed to be nationally significant, and a rise of 50% in highly significant attacks on last year, our collective exposure to serious impacts is growing at an alarming pace.”

The impact of cyber attacks

The NCSC says that nationally significant incidents “have a substantial impact on the UK’s national security, economy or critical infrastructure” and threaten sensitive national data and key government functions.

Highly significant incidents require a coordinated cross-government report due to widespread disruption and potential to cause long-term damage to national interests.

Of the 429 incidents handled by the organisation, outlined in their recent report, 18 were handled in the “highly significant” category - marking a 50% increase on incidents in this second-highest level categorisation compared to the previous year’s report.

Graeme Stewart, Head of Public Sector at cybersecurity firm Check Point Software, acknowledges that companies are not prepared in keeping business-as-usual when digital systems are compromised.

He told the BBC: “The call for pen and paper might sound old-fashioned, but it’s practical”, noting digital systems are practically “useless” once targeted by hackers.

Paul Abbott, owner of Northamptonshire transport firm KNP, also told the BBC that the firm closed after hackers encrypted its operational systems and demanded money in 2023.

In an interview with BBC Radio 5 Live on 7 October he said that instead, of throwing money at cybersecurity with insurance and systems, he now focuses on education and contingency.

Cyber attacks on the national stage

The M&S cyber attack, which occurred in late April 2025 and lasted into July, cost the company over £300m (US$400.7m) in lost profits.

At the time, the firm's Operations Director Jayne Wall said: “Unfortunately, the nature of the incident means that some personal customer data has been taken, but there is no evidence that it has been shared. 

“The personal data could include contact details, date of birth and online order history.”

The JLR breach came to light when the company shut down its digital systems in late August 2025 to contain the incident.

Key UK plants in Sulihill, Halewood and Wolverhampton were impacted due to disruptions to supply chains.

Discussing how to stop the frequency of cyber crimes, Richard added: “The best way to defend against these attacks is for organisations to make themselves as hard as a target as possible. 

“That demands urgency from every business leader: hesitation is a vulnerability, and the future of their business depends on the action they take today. This time to act is now.”