09 July 2025
According to ESET’s recent research, 15% of UK organizations still do not allocate any budget to cybersecurity measures, and nearly a quarter (23%) do not plan to increase their investment over the coming year. This raises serious questions about their resilience in facing today’s increasingly sophisticated cyber landscape.
The research underscores that many businesses are at a critical crossroads. While some are making strides and planning to boost cybersecurity spending, a significant portion lack the resources, expertise, or strategic focus needed to respond effectively. Nearly half (45%) manage their cybersecurity operations without involving any third-party specialists, and 42% adopt a hybrid approach combining internal and external capabilities. Furthermore, about 32% admit they struggle to maintain sufficient resources, leaving gaps in their defenses.
The disparity is especially stark when comparing larger and smaller enterprises. An overwhelming 96% of large businesses allocate a dedicated cybersecurity budget, compared to just 58% of small and medium-sized enterprises (SMEs). This gap highlights the vulnerability of smaller organizations that often lack the capacity to defend against cyber threats effectively.
While there are signs of progress — some organizations are increasing their cybersecurity investments — the overall picture is troubling. With fewer than three-quarters of businesses planning to boost their cybersecurity budgets, a disconnect persists between awareness of threats and proactive action.
The financial impact of breaches is increasingly evident. Major incidents, such as M&S’s £300 million profit warning following a cyber attack and 23andMe’s £2.3 million fine, illustrate how costly breaches can be. The Co-op’s recent decision to offer customer discounts after disruptions further exemplifies the operational and reputational damage inflicted by cyber incidents.
However, uptake of cyber insurance remains limited. Less than half (43%) of UK businesses hold some form of cyber coverage, with only 8% possessing a dedicated cyber policy. The remaining 35% are covered under broader insurance packages, leaving over half of organizations without any cyber insurance cover and potentially exposing them to significant financial and operational risks.
“Cyber attacks aren’t just a technical issue—they have real financial and reputational consequences. The impact on customer trust can last for years and be incredibly costly to repair. Businesses need to urgently review their defenses, invest in expertise, and have well-rehearsed response plans before it’s too late,” said Jake Moore, Global Cybersecurity Advisor at ESET.
The report underscores that UK businesses have lost an estimated £64 billion over the past three years due to cyber attacks. Breaches force companies to spend heavily on rebuilding trust and customer relationships. While some major brands can withstand such shocks, many smaller organizations face far more difficult recoveries.
“Strengthening the UK’s digital defenses isn’t just an individual company’s responsibility — it demands coordinated action between industry, cybersecurity providers, and government. Only through joint efforts can we build resilient, secure digital infrastructure for the future,” said Moore.