Cyber resilience is a necessity for businesses: skills and strategies must be developed

The latest cyber security breach at Jaguar Land Rover cost the UK economy around £1.9 billion, making it the costliest cyber attack in UK history.

Similar breaches against Marks & Spencer and the Co-Op, costing £300m and £206m respectively, highlight the scale of financial and operational disruptions facing UK businesses.

Meanwhile, the UK government has proposed a ban on ransomware payments to curb the profitability of cybercrime, barring public sector organizations and Critical National Infrastructure (CNI) operators from paying ransoms.

In theory, this could reduce the incentive to attack essential services, but it could also encourage attackers to turn to the private sector, where ransoms would still be possible.

All in all, this means that the private sector urgently needs to strengthen its defenses against an ever-changing threat landscape. This starts with ensuring teams have the right cyber capabilities to build true cyber resilience across the organisation.

A growing wave of cyber attacks

Against the backdrop of such a hostile cyber climate, the UK’s proposed ban on ransomware payments aims to ease pressure on Critical National Infrastructure (CNI) and the public sector. Conversely, the private sector will suffer the most from these attacks.

The proposed ban on ransomware payments includes three measures:

  1. A specific ban on ransomware payments for CNI owners and operators and the public sector.
  2. The introduction of a ransomware payment prevention system.
  3. A mandatory incident reporting system.

Companies not covered by the ban would have to notify the government of any intention to pay a ransom.

The government can then offer advice and support to these companies, as well as inform them if such payments risk breaking the law by sending money to sanctioned cyber crime groups.

Otherwise, the responsibility to address these cyber attacks rests solely with the private sector.

Closing the skills gap in cyber security

To counter the growing pressure on the private sector, the only profitable target for ransomware, companies must strengthen their resilience. Developing cyber resilience starts with people.

Pluralsight’s Tech Skills Report 2025 shows that 39% of respondents currently see IT skills as the most important in 2025. However, 34% also say cybersecurity has the biggest skills gap.

Meanwhile, the majority (95%) of UK managers say they see technology development as a priority by 2025, but 50% of employees say they struggle to find time to learn and 93% say there is a lack of support.

Without sustained investment and integrated training, companies will struggle to achieve true cyber resilience.

Develop cyber resilience in every role

Improving IT skills should be integrated into the daily work of technical and non-technical employees. This is not an isolated training exercise; it is part of how people perform their tasks safely.

It is important that technical teams stay current on certifications and practice practical defense. Labs and sandboxes that simulate real-world attacks give them the experience needed to respond effectively to incidents.

For everyone else, the emphasis should be on clarity and relevance. Employees must understand exactly what is expected of them and how their individual decisions contribute to the organisation’s resilience.

Role-specific training makes this clear: finance teams must identify attempts at invoice fraud, HR needs to know how to handle sensitive data securely, and customer service must recognize social engineering in live interactions.

Phishing remains the most common entry point for cyber attacks in the UK and no one is safe, regardless of role or position. The M&S breach began as a phishing attack against a third party and demonstrated that clarity and context are important at all levels.

Building resilience means empowering every employee to detect, respond to and report threats before they escalate.

Integrate cyber responsibility across the board

Employee training remains important, but true cyber resilience begins in the boardroom. Oversight at this level has declined (from 38% of boards in 2021 to only 27% in 2025) and this trend is completely at odds with the current threat landscape.

Boards are not expected to manage technical defenses, but they are responsible for ensuring that the organization can withstand, recover from and learn from a cyber disruption. Cyber incidents have become total business continuity events that impact operations, supply chains and reputation.

Resilience should now be considered a key performance indicator (KPI), alongside financial performance and sustainability. This means managers receive regular information not only on threat trends and audit results, but also on remediation readiness, incident visibility and the cultural maturity of the organization’s response.

Bringing boards back into this agenda is not about apportioning blame, but about enabling smarter oversight. When leaders understand how resilience protects trust, continuity and brand, cybersecurity moves from being a technical issue to what it truly is: a measure of organizational strength.

Building resilience before the storm

As the UK government tries to reduce the profitability of ransomware, private companies will inevitably become more attractive targets.

The only sustainable defense is a culture of resilience built through continuous learning, clear accountability and leadership commitment.

Cyber resilience is no longer optional; it is the basis for business continuity, customer trust and long-term success in an age where threats are evolving faster than ever.
