In country terms, the sums concerned would make cyber hacking the third-biggest economy in the world after only the US and China, according to Cybersecurity Ventures (Getty) <\/p>\n
As 2025 winds down, business<\/a> leaders and executives will feel it has been a particularly expensive year as the cost of employment shot up, inflation of raw materials impacted supply chains and both oil and tariff shocks hit in the first half of the year.<\/p>\n But perhaps the biggest cost of all was one borne by companies hit by cyber attacks<\/a>.<\/p>\n One damning government report<\/a> suggests that close to half of British businesses (43 per cent) and three in 10 charities (30 per cent) claimed to have suffered a type of cybersecurity breach or attack in the past year. These include anything from a phishing attack to a full-blown digital shutdown costing hundreds of millions of pounds<\/a>.<\/p>\n The list of those affected includes some of Britain\u2019s biggest businesses.<\/p>\n Marks and Spencer<\/a>. Adidas. Co-op Group. Heathrow airport. Harrods. And, of course, Jaguar Land Rover<\/a> (JLR). Each has suffered publicly confirmed cyber hacks. These attacks were not limited to companies either: the German parliament also suffered a breach and, in October, the UK government saw the Foreign Office hacked<\/a>.<\/p>\n Organisations have to fight a moving target, one with seemingly limitless capabilities. This isn\u2019t a foe a business and kill and move on from \u2013 cyber attacks come in all different ways, from all points of the earth and if one attempt doesn\u2019t work, it just keeps coming.<\/p>\n Jason Soroko, a cybersecurity expert and host of the Root Causes podcast, put it bluntly: \u201cFor cyber attacks, 2025 was brutal. 2026 will be worse.\u201d<\/p>\n Attackers aren\u2019t just looking to break into digital vaults and extract cash. Data has become incredibly valuable, while damage to economic or manufacturing operations can provide an opportunity for someone else to pick up the slack in demand, meaning state-level involvement is part of the picture at times, too.<\/p>\n The truth is, for a business, lost sales are only part of the picture \u2013 there\u2019s reputational damage to consider, possible reimbursement or lost opportunity costs, the loss of ongoing clients to rivals and, obviously, the amount spent to fix and then upgrade their own systems too.<\/p>\n Cybersecurity Ventures, a noted source of data and research in the cybersecurity sphere, says<\/a> the entire \u201cindustry\u201d was worth around $10.5 trillion (\u00a37.8 trillion) this year alone. In country terms, this would make it the third-biggest economy in the world after only the US and China.<\/p>\n For individual companies, the reliance is on their accountancy estimates being made public. M&S originally said the hit to its profits would be in the region of \u00a3300m, but in November gave a figure of just under half that<\/a>, having recouped \u00a3100m in insurance payouts.<\/p>\n JLR was not so fortunate as it had not renewed its cyber insurance specifically, meaning it would bear the brunt of a \u00a3200m estimated cost<\/a>. Meanwhile, Co-op\u2019s cyber attack<\/a> saw more than 6 million customers\u2019 data stolen, with the final tally expected to cost around \u00a3120m<\/a>.<\/p>\n Elsewhere, the \u201ccost\u201d is more difficult to place a figure on, but is more wide-ranging and potentially damaging.<\/p>\n JLR\u2019s shutdown was big and prolonged enough to contribute towards an economic downturn: car production failed to rebound in September and October across the industry and was one of the big factors in UK GDP contracting by 0.1 per cent in the latter month.<\/p>\n There are several good reasons why companies cannot keep cyber crime at bay.<\/p>\n Attacks can be multi-pronged in style or timing and have the advantage of being proactive: those in defence must rely on seeing what the attackers are doing and respond accordingly.<\/p>\n \u201cAttackers now deploy AI at a speed defenders simply haven\u2019t matched. It\u2019s an asymmetry that widens by the month. Defenders have been slow to adopt stronger authentication, which is like failing to fit better locks on the doors. The attackers take advantage of this,\u201d explained Mr Soroko, who works with online security firm Sectigo.<\/p>\n Cybersecurity Ventures, meanwhile, estimates that the \u201cfrequency of ransomware attacks on governments, businesses, consumers, and devices will continue to rise […] to hit once every two seconds by 2031.\u201d<\/p>\n It\u2019s a lot to stop \u2013 and that\u2019s just the digital version.<\/p>\n JLR had not renewed its cyber insurance specifically, meaning it would bear the brunt of a \u00a3200m estimated cost (Getty) <\/p>\n