UK firms have ‘alarming gaps’ in cybersecurity readiness
7 May 2025, 09:24
A new report warns the vast majority of UK organisations are not adequately prepared to deal with modern cyber attacks.
The vast majority of UK firms are not at the required level of readiness to be able to withstand modern cyber attacks, a new report has warned.
Software giant Cisco’s annual Cybersecurity Readiness Index found that only 4% of UK organisations achieved its “mature” level of readiness – although this was a slight increase from the just 2% that achieved the status last year.
Cisco said the study, which included a survey of 8,000 private sector security and business leaders from 30 countries, showed there were “alarming gaps” in cybersecurity preparedness, and also warned of a “lack of urgency” in addressing the issue.
The findings come as major retailers continue to battle with the fallout from substantial cyber attacks.
On Tuesday, Co-op was unable to take card payments in some stores and shoppers have faced empty shelves because of an ongoing cyber attack for which the firm has apologised after it confirmed hackers had extracted members’ personal data such as names and contact details.
Meanwhile, Marks & Spencer (M&S) is continuing to deal with disruption caused by its own recent cyber incident, after first witnessing issues two weeks ago.
The retailer has reportedly been unable to offer some meal deals in some of its stores after product availability was hit.
In its report, Cisco said artificial intelligence (AI) is becoming an increasingly important tool, not just to help with cyber defences, but also in upskilling low-level hackers to enable them to carry out more sophisticated attacks.
According to its study, 78% of UK organisations said they had faced an AI-related security incident in the last year, but only 52% of those surveyed said they are confident their staff fully understand AI-related threats or grasp how the technology can be used to carry out attacks.
Cisco chief product officer Jeetu Patel said: “As AI transforms the enterprise, we are dealing with an entirely new class of risks at unprecedented scale – putting even more pressure on our infrastructure and those who defend it.
“This year’s report continues to reveal alarming gaps in security readiness and a lack of urgency to address them. UK organisations must rethink their strategies now or risk becoming irrelevant in the AI era.”
Other cybersecurity experts, and the UK’s National Cyber Security Centre (NCSC), have also raised concerns about the rise of “ransomware as a service”, where less-skilled hackers turn to pre-made tools to launch attacks on organisations more easily.
The NCSC said there has been a “clear shift” towards this approach, which is seen as a way of reducing the difficulty for criminals to carry out cyber attacks and extort ransom payments from firms.
