The Growing Cyber Threat, What Every Business Should Know

21 Jul

Cyber criminals are becoming smarter, faster and more determined. The latest Q1 2025 Cyber Threat Report shows that phishing, ransomware and supply chain attacks remain the most common risks, and UK businesses of every size continue to be prime targets.

Phishing Remains the Most Common Entry Point

Phishing is still the main way attackers get through. According to the National Cyber Security Centre Annual Review 2024, over 81 percent of UK businesses that experienced cyber incidents reported phishing attempts. These emails often look entirely legitimate, and it takes only one click by a single employee to open the door to a much larger breach.

Adding to this threat is the rise of new AI tools that help criminals craft more convincing phishing emails and carry out targeted social engineering. These tools can mimic writing styles, produce fake documents and even imitate voices, making it harder than ever for staff to spot what is real and what is not.

The Cost and Disruption of Ransomware

Ransomware attacks are not only about data being locked away; they often bring entire operations to a standstill. The Hiscox Cyber Readiness Report 2024 estimates the average cost of a ransomware attack on a UK business is now about £1.6 million once you include downtime, recovery work and damage to reputation. The real cost can be even higher when attackers strike through a supply chain, putting customers, partners and service providers at risk.

This impact has been felt recently by high-profile names too. In April 2025, Marks & Spencer was hit by a ransomware attack which took payment systems and online services offline over a busy trading period. Staff had to return to pen and paper to keep stores running, and the disruption lasted for weeks. It is estimated that the incident cost the business hundreds of millions in lost sales and operating profit, showing how quickly a cyber breach can move from an IT problem to a major business crisis.

A Threat to Operations, Reputation and Compliance

According to the UK Government Cyber Security Breaches Survey 2024, 32 percent of UK businesses reported experiencing a cyber breach or attack in the past year, with an average cost of £15,300 per incident. Beyond the financial hit, the consequences include lost productivity, regulatory investigations under data protection law and lasting damage to customer trust. For many businesses, especially small and medium-sized firms, a significant cyber incident could threaten long-term stability.

Cyber threats will not disappear, but businesses can take clear, practical steps to reduce risk. Regular staff training helps employees spot suspicious emails, backups keep data safe if systems go down, and checking supplier security helps close off weak points in the chain. Keeping software up to date and using multi-factor authentication remain simple but powerful defences.

Need help assessing your cyber risk or exploring the right protection? Speak to a member of our team at contact@thomas-carroll.co.uk.