Introduction

The cybersecurity readiness of UK businesses is alarmingly low [4], with AI-related threats posing significant challenges. Recent incidents involving major retailers have highlighted vulnerabilities, and a lack of skilled professionals exacerbates the situation. Despite some progress in adopting AI for cybersecurity, many organizations remain ill-prepared to defend against sophisticated attacks.

Description

The cyber readiness of UK businesses remains critically low [4], with a significant threat from AI-related attacks overwhelming security teams [4]. Recent cyber incidents involving major UK retailers [3], including M&S [2], Co-op [2] [3] [6], and Harrods, have raised alarms about the cybersecurity preparedness of British businesses [2]. Co-op faced disruptions in card payments and data breaches [3], while M&S experienced product availability issues due to its own cyber incident [3]. According to Cisco’s 2025 Cybersecurity Readiness Index [3] [4], which surveyed 8,000 private sector leaders globally [4], only 4% of UK firms possess adequate tools to defend against complex cyber threats [1], a slight increase from 2% the previous year [3] [4]. Alarmingly, 78% of UK organizations reported experiencing AI-related incidents last year [4], including exposure of training data [4], model theft [4] [5], data poisoning [4] [5], prompt injection [4] [5], and AI-enhanced social engineering [4]. However, only 52% of respondents felt their staff fully understood these AI-related threats [3], highlighting a significant awareness gap that leaves organizations vulnerable.

Moreover, a substantial 83% of UK organizations are facing a shortage of skilled cybersecurity professionals [2], with nearly half (48%) of businesses having over ten unfilled positions in their security teams [4], an increase from 41% the previous year [1] [3] [4] [6]. This talent gap leaves many critical security roles unfilled as cyber threats escalate [6]. Over half (52%) of UK firms lack confidence in detecting shadow AI within their organizations [4], and 65% of IT teams lack visibility into unauthorized AI tool usage by employees [2], raising concerns about ‘shadow AI.’ Alarmingly, 22% of employees have unrestricted access to third-party generative AI tools, posing further security risks, while 60% of IT teams lack insight into specific prompts or requests made by employees using these tools [5].

Despite these challenges [4] [7], there is a growing awareness of the problem [4], with 92% of UK organizations utilizing AI to address cyber risks [4]. This includes 81% employing AI tools for threat detection and 71% for response and recovery [4]. Investment in AI-driven technologies has risen to 65% [4], up from 55% last year [4]. Financially, 32% of breached organizations reported losses exceeding $500,000 [4], yet only 45% of UK respondents allocate more than 10% of their IT budget to cybersecurity [4], a decrease from 54% the previous year [1] [2] [3] [4] [6]. There is a growing divide between firms that invest proactively in cybersecurity and those that do not [2], indicating that reactive strategies are unsustainable in the current AI landscape [2].

The situation is further exacerbated by a persistent cybersecurity skills shortage and the increasing aggressiveness of ransomware groups, which are adopting new extortion tactics and focusing their attacks on AI technologies [6]. More than 40% of employees in large enterprises use generative AI tools daily without formal guidance [2], increasing the risk of security breaches.

Martin Lee [2], EMEA lead at Cisco Talos [2], emphasized the vulnerability of organizations [2] [3], stating that many are “sitting ducks” for cybercriminals who have developed effective business models for profit [2]. He cautioned that while AI can improve security monitoring and threat detection [2], it requires professional oversight for effective implementation [2].

The report also highlights the challenges posed by security complexity [2], with over two-thirds of businesses relying on more than ten disconnected security tools [1] [2] [6], which can hinder response times and increase the risk of missing threats [1] [2] [6]. Despite 71% of firms believing a cybersecurity incident is likely to disrupt their operations within the next 12 to 24 months [1], only 34% feel confident in their current cybersecurity infrastructure’s resilience against attacks [1].

Lee advised companies to strengthen their core defenses [2], as cybercriminals often seek the easiest targets [2] [6]. Cybersecurity is a global issue [2] [6], with threats transcending national boundaries [2], and external threats from malicious actors and state-affiliated groups are viewed as more significant than internal threats [7]. To address these challenges [7], organizations must simplify their security frameworks [7], prioritize cybersecurity in IT budgets [7], enhance AI threat awareness [7], and focus on AI for threat detection [7], response [1] [2] [4] [6] [7], and recovery [4] [7].

Conclusion

The current state of cybersecurity in UK businesses is precarious, with AI-related threats and a shortage of skilled professionals posing significant challenges. To mitigate these risks, organizations must invest in AI-driven security solutions, enhance staff awareness of AI threats, and prioritize cybersecurity in their budgets [7]. Simplifying security frameworks and strengthening core defenses are crucial steps in preparing for future threats. As cybercriminals continue to evolve their tactics, proactive and comprehensive strategies are essential to safeguard against potential disruptions.

References

[1] https://www.decisionmarketing.co.uk/news/just-4-of-uk-businesses-able-to-fend-off-cyber-attacks
[2] https://www.business-live.co.uk/retail-consumer/ms-harrods-co-op-cyber-31589181
[3] https://www.kentonline.co.uk/news/national/uk-firms-have-alarming-gaps-in-cybersecurity-readiness-145767/
[4] https://www.infosecurity-magazine.com/news/talent-shortages-bite-80-uk-firms/
[5] https://www.itpro.com/security/cisco-cybersecurity-readiness-index-2025-ai
[6] https://www.cityam.com/ms-harrods-and-co-op-attacks-expose-uks-growing-cybersecurity-risks/
[7] https://blogs.cisco.com/gov/study-alarming-deficiencies-european-cybersecurity-2025