Vodafone Business has published a new study that suggests many British businesses are poorly prepared for the possibility of a cyber attack. The study found a sizable share of companies question whether they could survive a serious cyber incident, at a time when digital threats are becoming harder to ignore.
The research surveyed 1,000 senior leaders across UK businesses of all sizes. More than 10 percent of respondents said their organization would be unlikely to survive a major cyber incident like those that disrupted large retailers such as M&S and car manufacturer Jaguar Land Rover last year.
Cyber attack causes
Human error remains one of the biggest concerns. Seventy one percent of business leaders believe that at least one employee in their organization would fall for a convincing phishing email. Respondents cited limited awareness, lack of training, staff being too busy, and unclear processes for reporting suspicious messages as the main reasons.
Awareness of cyber risk appears high, but follow-up is inconsistent. Eighty nine percent of leaders said high-profile cyber-attacks on well-known brands last year made them more alert to online threats. Even so, fewer than half, 45 percent, said all staff had completed basic cyber awareness training.
Password habits continue to expose businesses to avoidable risk. Sixty three percent of leaders reported that their organization’s risk of cyber-attack increased over the past year. Employers estimate that staff reuse their work passwords across an average of 11 personal accounts, including social media and dating platforms.
Inadequate crisis planning, weak password practices, and susceptibility to phishing scams leave organizations open to cyber-crime. These gaps can create cascading problems when attackers exploit a single weak point.
AI threats are an increasing problem. About seven in ten respondents said the rise of deepfake AI videos has made them more cautious about video calls claiming to come from senior colleagues or managers. Impersonation scams using synthetic media are adding a new layer of complexity to everyday business communication.
Weaknesses within partner or supplier systems can expose entire organizations, even when internal defenses appear sound. Attacks targeting indirect access routes continue to grow in frequency.
The UK Government has also taken steps in response to rising cyber threats. A second Telecommunications Fraud Charter is set to launch later this year, with the aim of improving coordination between industry and government to reduce fraud and disruption.
Nick Gliddon, Business Director at VodafoneThree, said, “Some of these findings are truly alarming. The revelation that one in ten business leaders believe their company would not survive a cyber-attack highlights the scale of vulnerability facing UK firms today. Many steps, such as avoiding password reuse and enhancing staff training, are relatively simple to implement, and Vodafone Business is here to support organisations with practical solutions and expert guidance. In this context, the Government’s announcement of its second Telecommunications Fraud Charter, coupled with a new fraud strategy to be launched next year, marks a timely development. This renewed focus from policymakers underscores the seriousness of the threat and the need for a united approach between industry and government to tackle online fraud and cyber-crime.”
The study suggests that while awareness and concern about cyber risk is now widespread, preparation often falls short. As attacks become more sophisticated and harder to detect, aided by the rise of AI, gaps in training and basic security practices continue to leave many UK businesses exposed.
What do you think about the state of cyber preparedness among UK businesses? Let us know in the comments.
Image credit: Rawpixel.com / Shutterstock
