IT Brief UK - Technology news for CIOs & IT decision-makers

UK cyberattacks surge as leaders urge new security approaches

Fri, 17th Oct 2025

The UK's National Cyber Security Centre has reported a rise in nationally significant cyber incidents, prompting industry leaders to call for an overhaul in how organisations approach information security and supplier relationships.

The annual report from the NCSC highlighted that the past year has seen a surge in cyberattacks across the UK, with both private and public sector organisations targeted. This includes high-profile cases such as M&S, Jaguar Land Rover, Co-op, and Collins Aerospace, all of which have faced considerable financial and operational disruption as a result of security breaches.

Industry acknowledgement

Barry Daniels, Chief Executive Officer of Droplet, a container-based security firm, argues that identity is now a critical vulnerability across UK organisations. Daniels points to recent data from Verizon, which indicates a 17% rise in system intrusions and that 22% of businesses have suffered from credential abuse.

"For years, the world of IT security has been based on identity; from access rights and multi-factor authentication all the way to simply an individual with the right email and password accessing a system. However, if we are to learn nothing else from the major cyber incidents which have taken place this year, it is that identity is under threat," Daniels commented.

He added that advances in social engineering and the widespread use of artificial intelligence by cyber criminals have created unprecedented challenges for security professionals. The complexity and interconnectedness of contemporary IT environments, according to Daniels, have left traditional security models struggling to keep pace with the speed and agility of emerging threats.

"The 'identity-first' and 'perimeter-first' security models used for decades by many large security vendors are no longer effective against modern cyber attacks, which continue to gather pace. But the simple fact is that the security vendors who created these, no longer own the end-to-end stack," he said.

Daniels advocates for a layered defence approach, combining modern security techniques with existing controls and more robust protections for critical assets. He suggests isolating vital infrastructure and treating every access attempt with suspicion, rather than relying solely on identity-based frameworks such as Zero Trust models.

Supply chain focus

The NCSC's report also draws attention to the persistent and evolving risk posed by third-party and supply chain attacks, a concern emphasised by Sebastien Marchon, Chief Executive Officer of expense management company Rydoo. Marchon said that while new regulatory frameworks like the UK's upcoming Cyber Security and Resilience Bill are a step in the right direction, chief executives must show greater accountability when it comes to cybersecurity, especially in managing supplier relationships.

"With third-party breaches continuing to rise, the supply chain has become one of the most attractive entry points for cyber criminals. Cybersecurity can no longer sit solely with IT teams; it's a C-suite priority that demands vigilance across every department," Marchon noted.

He highlighted the particular risks faced by Software-as-a-Service providers, who are often granted access to sensitive internal systems and data. According to Marchon, businesses must seek clear evidence that their suppliers possess dedicated expertise, recognised security accreditations, and transparent incident response protocols.

"These are no longer just 'nice-to-haves', they're critical indicators of digital resilience," he added.

Financial and operational impact

The increase in cyberattacks has imposed significant costs on UK organisations. Estimates suggest that over 600,000 businesses and 61,000 registered charities have been targeted in the past year. Such incidents often result in expensive downtime as well as increased risks to customer trust, stakeholder relationships, and overall reputational standing.

Daniels warned that with global cyber crime expected to reach USD $10.5 trillion in the coming years, few organisations have the budgetary capacity to ignore the problem. However, he suggests that rather than dismantling established systems entirely, strengthening and layering defences is the most practical approach for most businesses. A shift towards isolating systems and integrating multiple security layers may help reduce the incidence of supply chain and credential-based attacks.

Regulatory developments ahead

The UK government's planned Cyber Security and Resilience Bill is expected to introduce stricter requirements for businesses and public sector bodies, with a heightened focus on securing supply chains and third-party vendors. Executive leadership, as highlighted by both Daniels and Marchon, will be central to these efforts, ensuring that the responsibility for digital risk management extends beyond technical teams to the organisation as a whole.
