
Recent cyberattacks against Jaguar Land Rover (JLR), Marks & Spencer (M&S) and Co-Op have already cost millions in lost revenue. This upturn in attacks is the new reality being faced by UK businesses and is set to worsen. This year, the National Cyber Security Centre has issued warnings that AI will make cyber operations faster, more frequent and more efficient.
At the same time, the UK government has proposed a ransomware payment ban, to undercut the economic model that motivates cybercriminals. The proposal would ban public sector organisations and operators of Critical National Infrastructure (CNI) from paying ransoms.
In theory, this could reduce the appeal of targeting essential services, but it could also lead to attackers shifting their attention to the private sector – where extracting ransom payments would still be possible.
All of this combined means that the private sector needs to shore up its defences against what may be to come. This starts with ensuring that teams have the right cyber skills to build true cyber resilience across the organisation.
A surge in cyber attacks
In the UK, ransomware is considered the greatest cyber-threat, and the financial toll of these attacks is staggering. Following its breach, JLR halted production for nearly a month, with losses still being calculated. M&S suspended online orders for six weeks, costing an estimated £300 million, while Co-Op lost £206 million in missed sales. Beyond the financial hit, reputations and consumer trust were eroded, and those costs extend long after recovery.
In the context of such a hostile cyber climate, the UK’s proposed ransomware payment ban intends to alleviate the pressure on Critical National Infrastructure (CNI) and the public sector. In doing so, it will leave the private sector to face the brunt of these attacks.
The proposed ransomware payment ban
The ban outlines three measures:
- The targeted ban on ransomware payments for owners and operators of CNI and the public sector.
- The enactment of a ransomware payment prevention regime.
- A mandatory incident reporting regime.
Businesses not covered by the ban would be required to notify the government of any intent to pay a ransom. The government could then provide those businesses with advice and support, including notifying them if any such payment would risk breaking the law by sending money to sanctioned cybercriminal groups. Otherwise, the responsibility to deal with these cyber-attacks falls on the private sector alone.
The cyber skills gap
In light of the incoming pressure on the private sector as the only profitable ransomware target, companies need to build resilience. Building cyber resilience starts with people.
Pluralsight’s 2025 Tech Skills Report found that as it stands, 39% of respondents already see cyber skills as the most important in 2025. But 34% also identified cybersecurity as having the largest skills gap.
At the same time, the majority (95%) of UK leaders say that they view tech upskilling as a priority in 2025 but 50% of employees say they are struggling to find the time to learn and 93% cite a lack of support. Without sustained investment and embedded training, companies will struggle to realise true cyber resilience.
Teaching every employee cyber resilience
Cyber upskilling must be built into daily work for both technical and non-technical employees. It’s not a one-off training exercise; it’s part of how people perform their roles confidently and securely.
For technical teams, staying current on certifications and practising hands-on defence is essential. Labs and sandboxes that simulate real-world attacks give them the experience needed to respond effectively when incidents happen.
For everyone else, the focus should be on clarity and relevance. Employees need to understand exactly what’s expected of them and how their individual decisions contribute to the organisation’s resilience. Role-specific training makes this real: finance teams need to recognise invoice fraud attempts; HR should know how to handle sensitive data securely; customer service needs to spot social engineering in live interactions.
Phishing remains the most common entry point for cyberattacks in the UK, and no one is immune, regardless of role or seniority. The M&S breach began with a phishing attack on a third-party vendor, proving that clarity and context at every level matter. Building resilience means empowering every employee to recognise, respond, and report threats before they escalate.
Putting cyber accountability in the boardroom
Employee training remains essential, but genuine cyber resilience starts in the boardroom. Oversight at that level has been declining, from 38% of boards in 2021 to just 27% in 2025, and that trend is deeply out of step with today’s threat landscape.
Boards aren’t expected to manage technical defences, but they are responsible for ensuring the organisation can withstand, recover from, and learn after a cyber disruption. Cyber incidents have evolved into full business continuity events, affecting operations, supply chains, and reputation.
Resilience should now sit alongside financial performance and sustainability as a core board KPI. That means directors receiving regular updates not only on threat trends and audit findings, but also on recovery readiness, incident transparency, and the cultural maturity of the organisation’s response.
Re-engaging boards on this agenda isn’t about assigning blame; it’s about enabling smarter oversight. When leaders understand how resilience protects trust, continuity, and brand, cybersecurity stops being a technical issue and becomes what it truly is: a measure of business strength.
Preparing for the incoming wave of threats
As the government takes steps to reduce the economic incentive for ransomware, the private sector is poised to become the primary target. Companies must invest in skills, foster awareness across all employees and ensure that leadership is directly accountable. Only then can UK businesses hope to withstand the onslaught of increasingly sophisticated cyber threats.