Major cyber incidents that crippled Marks & Spencer (M&S) and Jaguar Land Rover (JLR) last year have jolted British boardrooms into recognising the true cost of digital threats. Yet, despite heightened awareness, many UK firms remain dangerously exposed, according to new research from Vodafone Business.
Growing Concern Among Business Leaders
The telecoms group surveyed 1,000 senior executives from organisations of all sizes to gauge their attitudes towards cyber risk. It found that 89% of respondents said recent high-profile breaches had made them more alert to the potential impact of cyber threats. Worryingly, however, one in ten admitted their organisation would likely not survive a similar attack.
The ransomware incidents at M&S and the Co-op Group are estimated to have cost up to £440 million, with M&S alone reportedly facing losses exceeding £300 million after its online operations were incapacitated for months. Meanwhile, a prolonged outage at JLR was estimated to have cost the UK economy an unprecedented £1.9 billion — thought to be the most expensive cyber-attack in British history.
Unprepared and Exposed
Vodafone’s poll paints a troubling picture of corporate cyber readiness. On average, employees were found to be using their work passwords for up to 11 personal accounts, including social media and dating platforms — a practice that exposes them to credential stuffing, where hackers use stolen passwords across multiple sites.
Even more concerning, fewer than half (45%) of businesses confirmed that their staff had undergone even basic cyber-awareness training.
The rise of artificial intelligence is further complicating matters. Some 70% of business leaders told Vodafone that deepfake technology has made them more suspicious of video communications involving senior colleagues or executives.
A separate Business Resilience Index published by managed service provider Six Degrees reinforces these warnings, finding that 28% of UK organisations were “at risk”, with average uptime across critical business services at just 73%over the past year.
Also see: A Cyber Free Bubble – A Living Hell
Industry and Government Responses
Nick Gliddon, Business Director at Vodafone, described the findings as “alarming”, but stressed that many effective countermeasures — such as better password practices and expanded staff training — are “relatively simple to implement”.
Advertisement
The UK Government has also stepped up its efforts to protect consumers and businesses from online fraud and scams. In November, major telecoms firms signed a second Fraud Sector Charter, which will take effect later this year. The agreement will require the industry to:
- Upgrade network infrastructure to prevent number spoofing
- Introduce a traceback system to trace suspicious calls in real time
- Restore trust in SMS by authenticating sender IDs and tightening vetting of bulk messaging services
- Enhance threat intelligence sharing on AI-generated fraud, including voice cloning and deepfakes
- Expand support services for victims of cybercrime
“The government’s announcement of its second Fraud Sector Charter for telecommunications, coupled with a new fraud strategy to be launched next year, marks a significant and timely development,” said Gliddon. “It underscores the seriousness of the threat and the necessity of a united approach between industry and government to tackle online fraud and cybercrime effectively.”
A Call for Greater Resilience
The findings underline a sobering truth: while British executives are increasingly aware of digital threats, many organisations remain ill-equipped to withstand them. As cyber-attacks become more sophisticated and AI-generated fraud rises sharply, experts warn that 2024 could mark a turning point for the UK’s digital resilience — a year in which awareness must finally translate into action.
