The recent cybersecurity breach at Jaguar Land Rover has cost the UK economy an estimated £1.9 billion, making it the most costly cyber-attack in British history.
Similar breaches against Marks & Spencer and Co-Op, costing £300 million and £206 million respectively, underline the scale of financial and operational disruption facing UK enterprises.
Senior cybersecurity author and researcher at Pluralsight.
At the same time, the UK government has proposed a ransomware payment ban, to curb the profitability of cybercrime by prohibiting public sector organizations and operators of Critical National Infrastructure (CNI) from paying ransoms.
In theory, this could reduce the appeal of targeting essential services, but it could also lead to attackers shifting their attention to the private sector – where extracting ransom payments would still be possible.
Together, this means the private sector must urgently shore up its defenses against an increasingly evolving threat landscape. This starts with ensuring that teams have the right cyber skills to build true cyber resilience across the entire organization.
A growing wave of cyberattacks
In the context of such a hostile cyber climate, the UK’s proposed ransomware payment ban intends to alleviate the pressure on Critical National Infrastructure (CNI) and the public sector. Instead, it will leave the private sector to face the brunt of these attacks.
The proposed ransomware payment ban outlines three measures:
- The targeted ban on ransomware payments for owners and operators of CNI and the public sector.
- The enactment of a ransomware payment prevention regime.
- A mandatory incident reporting regime.
Businesses not covered by the ban would be required to notify the government of any intent to pay a ransom.
The government could then provide those businesses with advice and support, including notifying them if any such payment would risk breaking the law by sending money to sanctioned cybercriminal groups.
Otherwise, the responsibility to deal with these cyber-attacks falls on the private sector alone.
Bridging the cyber skills gap
In lieu of the incoming pressure on the private sector as the only profitable ransomware target, companies need to build resilience. Building cyber resilience starts with people.
Pluralsight’s 2025 Tech Skills Report found that as it stands, 39% of respondents already see cyber skills as the most important in 2025. But 34% also identified cybersecurity as having the largest skills gap.
At the same time, the majority (95%) of UK leaders say that they view tech upskilling as a priority in 2025 but 50% of employees say they are struggling to find the time to learn and 93% cite a lack of support.
Without sustained investment and embedded training, companies will struggle to realize true cyber resilience.
Embedding cyber resilience in every role
Cyber upskilling must be built into daily work for both technical and non-technical employees. It’s not a one-off training exercise; it’s part of how people perform their roles confidently and securely.
For technical teams, staying current on certifications and practicing hands-on defense is essential. Labs and sandboxes that simulate real-world attacks give them the experience needed to respond effectively when incidents happen.
For everyone else, the focus should be on clarity and relevance. Employees need to understand exactly what’s expected of them; how their individual decisions contribute to the organization’s resilience.
Role-specific training makes this real: finance teams need to recognize invoice fraud attempts; HR should know how to handle sensitive data securely; customer service needs to spot social engineering in live interactions.
Phishing remains the most common entry point for cyberattacks in the UK, and no one is immune, regardless of role or seniority. The M&S breach began with a phishing attack on a third-party vendor, proving that clarity and context at every level matter.
Building resilience means empowering every employee to recognize, respond, and report threats before they escalate.
Placing cyber accountability in the boardroom
Employee training remains essential, but genuine cyber resilience starts in the boardroom. Oversight at that level has been declining – from 38% of boards in 2021 to just 27% in 2025 – and that trend is deeply out of step with today’s threat landscape.
Boards aren’t expected to manage technical defenses, but they are responsible for ensuring the organization can withstand, recover from, and learn after a cyber disruption. Cyber incidents have evolved into full business continuity events, affecting operations, supply chains, and reputation.
Resilience should now sit alongside financial performance and sustainability as a core board KPI. That means directors receiving regular updates not only on threat trends and audit findings, but also on recovery readiness, incident transparency, and the cultural maturity of the organization’s response.
Re-engaging boards on this agenda isn’t about assigning blame—it’s about enabling smarter oversight. When leaders understand how resilience protects trust, continuity, and brand, cybersecurity stops being a technical issue and becomes what it truly is: a measure of business strength.
Building resilience before the storm
As the UK government moves to reduce ransomware’s profitability, private businesses will inevitably become more attractive targets.
The only sustainable defense is a culture of resilience built through continuous learning, clear accountability, and leadership engagement.
Cyber resilience is no longer optional; it’s the foundation of operational continuity, customer trust and long-term success in an era where threats are evolving faster than ever before.
https://cdn.mos.cms.futurecdn.net/fg7bgy65pWhFo4Qzib58yX-2560-80.jpg
Source link
