The big picture

In the UK, cybersecurity has moved to the top of the business agenda, with organisations investing in stronger defences, clearer governance structures, and more formal resilience frameworks. Despite this progress, significant challenges persist—from a widening skills gap and rising team burnout to board-level engagement that too often kicks in only when a crisis strikes.

This study explores the state of operational resilience across UK organisations, examining how businesses experience, respond to, and learn from cyberattacks.

Survey cohort

Our survey cohort at a glance

We surveyed 305 qualified executives and IT and security professionals at organisations ranging from small businesses to large enterprises, across the UK. These participants held direct responsibilities related to security defence, incident response, and IT strategy. Specifically in the UK, we surveyed respondents drawn from a cross section of seniority levels—from IT administrators and security analysts to C-suite and board-level leadership.

Threats and impact

Nearly four in five UK organisations surveyed reported experiencing a cyber incident in the past 12 months—a rate that underscores just how widespread and routine cyberthreats have become across UK businesses.

This means that 77% of UK organisations experienced at least one cyber incident or attack in the last year alone.

Types of incidents experienced

  • 39% Data breach/exposure
  • 48% Phishing/social engineering
  • 46% Malware/ransomware
  • 28% Supply chain/third-party
  • 27% Vulnerability exploitation

When incidents occurred, the scale was significant. The majority of incidents (54%) affected multiple devices within a function or team. A further 27% of incidents spread across multiple systems and departments, and 9% caused organisation-wide disruption.

  • 54% Multiple devices within teams
  • 27% Multiple devices across teams
  • 9% Organisation-wide disruption
  • 10% Isolated to one user or device

Incident response

UK organisations showed strong process discipline after incidents, but a notable share still took days or even weeks to fully recover. The question is whether learning translates into lasting change.

96% conducted a formal post-incident review after experiencing an attack

46% implemented targeted improvements focused on specific gaps identified

37% adopted broader, long-term improvements to strengthen resilience

13% resolved the incident but maintained their existing cybersecurity strategy unchanged

Changes implemented in the last 12 months:

50% Technical changes
47% Training/staff awareness
40% Process/procedure changes
36% Regulatory/compliance driven
35% Tools/platforms
30% Policies/governance

On detection speed, 84% of organisations had formally defined time targets.

16% do not have defined time targets.

Governance and accountability

Clear ownership of cybersecurity functions is a critical marker of organisational maturity. UK organisations largely have defined structures in place, though board engagement remains inconsistent outside of crises.

94% had a clear definition of responsibilities in the event of a cyber incident

97% had a solid backup and recovery strategy in place

0/10

respondents heavily relied on IT infrastructure for core operations

The IT function carries primary ownership across both prevention (69%) and response (59%), with the security department in second place.

Management’s involvement in handling incidents

Very high and continuous: 33%

High, but only during crises: 43%

Limited involvement: 20%

No involvement: 4%

A reactive pattern of board involvement signals a governance risk: Leadership that only engages under pressure cannot effectively shape a long-term resilience strategy.

Dependency on critical systems

  • 66% IT operations management
  • 59% IT service management
  • 57% Security information and event management
  • 48% Endpoint security and management
  • 41% Identity and access management

67% of UK organisations already have a formal methodology to assess their cyber resilience, placing the UK on relatively strong footing in Europe.

People and workload

IT and security teams are under sustained pressure. While many organisations describe their teams as functioning, the data reveals a workforce stretched by evolving threats, fragmented tooling, and a widening skills gap.

Operational pressure on IT and security teams

  • 11% Overloaded or in crisis mode
  • 15% Consistently stretched
  • 26% Busy but sustainable
  • 48% Well balanced & manageable

Top challenges facing IT and security departments

  • Skills gap due to rapidly evolving threats: 46%
  • Too many non-integrated tools: 30%
  • Team fatigue/burnout: 29%
  • Insufficient management support: 29%
  • Too many manual processes: 23%
  • Lack of budget/resources: 24%

60% of respondents said pressure has increased in the last 12 months.

Impact of organisational pressure in handling incidents:

  • 25% Critical impact
  • 59% Limited impact
  • 16% No impact at all

Future risks and strategic investments

AI-powered attacks have emerged as the single biggest concern for UK organisations looking ahead—overtaking even advanced ransomware. Meanwhile, investment priorities reflect both today’s pain points and tomorrow’s threat landscape.

On average, 8/10 respondents were confident in their organisation’s ability to manage a major cyber incident in the next 12 months.

Cyber resilience is now a boardroom topic for most UK organisations: 50% discuss it regularly, while another 41% do so occasionally. Only 9% limit the discussion to after serious incidents occur or never engage in it at all.

  • 50% Regular
  • 41% Occasional
  • 9% Only during crises

Biggest risks predicted for the next 12 months

43% AI-powered attacks
39% Advanced cyberattacks (ransomware, phishing, targeted)
28% Data breaches
27% Human error
23% Identity-based attacks

Top investment priorities for the next 12 – 24 months

41% AI and advanced threat preparedness
38% Cybersecurity governance, roles, and accountability
37% Security monitoring and detection
30% Training and skills development

Conclusion

These findings show that the UK business community is structurally prepared and increasingly confident when facing cyber threats, yet still vulnerable to the patterns that cause the most critical incidents.

With AI-powered attacks now the top perceived risk and a skills gap affecting nearly half of all teams, the challenge is not just recovering from the next incident—it is building the organisational muscle to genuinely learn from each one. The work now is to translate structural readiness into an adaptive, continuously improving security culture.
