Are you taking cyber seriously?

The cyber threat landscape is rapidly changing both within the UK and globally. It’s gone from important to non-negotiable for businesses to have a critical understanding and knowledge of cybersecurity, as well as strong leadership with advanced tech skillsets. 

This last year is evidence enough, with high-profile companies being impacted by data breaches. In April 2025, retailer Marks & Spencer had what they’re calling a ‘cyber incident’ that compromised customer data, forcing their systems offline. The impact was huge – online shopping systems took six weeks to be safely relaunched, not to mention the knock to consumer confidence, which will take much longer to regain. M&S had to engage cybersecurity specialists to work with them to resolve the issue.  

In August 2025, Jaguar Land Rover was also a high-profile victim of a cyber attack. The BBC has reported that attack is the “most economically damaging cyber event in UK history”, with an estimated cost of £1.9bn, impacting 5,000 businesses and full recovery not expected until January 2026.   

It’s not just third-party hackers that can cause these huge cyber issues. In November 2025, a Cloudflare infrastructure issue led to widespread outages on services like X and OpenAI. The root cause was ultimately said to be a “a configuration file that is automatically generated to manage threat traffic” that grew beyond its expected size and triggered a crash in the software system. Similarly, in October 2025, Amazon’s AWS outage brought down thousands of services across retail and finance, due to a bug in its automation software causing an empty DNS record. 

What these incidents prove is that businesses now, more than ever, need to place cybersecurity and cyber resilience at the forefront of their business plans. This is particularly the case in sectors like finance, banking and retail due to the volume of sensitive data they hold. The attacks are being driven by ever-increasing ransomware and sophisticated AI-powered threats that are evolving rapidly – businesses need to be one step ahead of the game.  

It’s not just big companies that need to be paying attention; small companies need to have robust security and in-house tech skills to protect against cyber issues, as the impact can be harder to weather. Just one cyber attack can be enough to bring down SMEs for good. The consequences of a cyber attack or cyber malfunction are huge. It erodes customer trust, has financial impact, causes operational disruption and there could be regulatory consequences. 

No business is exempt

According to the National Cyber Security Centre (NCSC), the UK is experiencing “four ‘nationally significant’ cyber attacks every week”, and this represents a sharp rise over the last year. It’s imperative that companies have a plan of action to protect data and systems. 

Smaller businesses can be an easier target due to potentially weaker defences, limited IT investment and a lack of dedicated cyber expertise. However, larger corporates are at risk due to the complexity and scale of systems they use, which can create weakness or areas of vulnerability. For hackers deploying AI, it’s quicker and easier than ever to find those areas and breach them.

Cyber weakness can also be created in-house. Employees could be using free AI tools, such as ChatGPT, unguarded browser extensions or publicly hosted LLMs to speed up their workload. However, this comes with inherent risks, such as copying sensitive data into unsecured platforms, data being accessed by third parties, and a lack of corporate oversight. This highlights the need for comprehensive staff training on the risks of using unsanctioned tools, as well as investment in high-level AI solutions to solve the problems being met by unlicensed freeware. 

As Dr Richard Horne, Chief Executive of the NCSC, says: “Cyber security is now a matter of business survival and national resilience… The best way to defend against these attacks is for organisations to make themselves as hard a target as possible.” The NCSC has released a free cyber toolkit to help small businesses to protect themselves 

Building tech-literate leadership teams 

The growing threat of cyber attack has led to changes at the top when it comes to hiring trends. Top companies are now proactively hiring non-executive directors with extensive technology experience to build resilience. More than ever, it’s important to have tech knowledge and experience in the boardroom, driving business decisions. It’s not just about strengthening systems against data breaches, but staying competitive when it comes to implementing AI and emerging tech. 

The latest EY European Financial Services Boardroom Monitor found that 52% of all new board directors to UK financial services firms over the last 12 months brought technology experience. As Preetham Peddanagari, EY’s UK Financial Services Technology Consulting Leader, says: “Technology has moved from a back-office enabler to a boardroom capability.” 

Increased pressure from both regulators and customers to shore up defences, while continuing to evolve technologically, means that high-level leadership hires with specific skillsets are in high demand. In particular, boards are actively seeking senior leaders with skills in AI, data management, digital transformation and cybersecurity. Companies know that a lack of technological literacy in the boardroom makes them vulnerable. 

As well as board members, it’s also key to have a robust and skilled cyber team. Protection from cyber attacks runs far beyond software solutions; strong talent is essential. Building an effective cyber defence and resilience team means investing in roles like Cyber Security Officers, SOC analysts, threat and incident specialists and experts in governance, risk and compliance. But recruiting talent in these areas is highly competitive and the most skilled professionals are snapped up fast – demand is outpacing supply. 

Companies need to act fast to secure skilled talent to ensure business resilience. There also needs to be a comprehensive hiring strategy to utilise both contract and permanent placements to meet business needs. Cyber contractors have the advantage of offering flexibility and speed. If a breach has happened or a weakness discovered, contractors can come in with niche expertise and address the vulnerability. Contactors can also be utilised for short-term projects to build robust systems and train internal staff to upskill for long-term gain. However, it’s also important to build a strong permanent tech team to offer long-term stability and reassurance, as well as enable knowledge retention to deal with future vulnerabilities or malfunctions.  

At Spectrum IT we leverage our vast experience with filling cyber roles across all key sectors to enable companies to fill knowledge gaps and develop skilled cyber teams. Having access to an established talent pool means we can cut down time to hire, including high-level leadership roles, as well as technical and operational roles across all sought-after skillsets. Our deep understanding of the cyber skills landscape, and our previous cyber hiring experience, means we can work in partnership with internal talent acquisition teams who might be less accustomed to hiring for tech roles, whether contract, permanent or hybrid solutions. 

Ultimately, time is of the essence. Companies need to have cyber teams in place, as well as senior leadership with technological expertise to strengthen defences. Cyber threats are growing and attacks are more sophisticated than ever – hiring the right people is essential. Don’t wait for a breach before you act. 

Partner with Spectrum IT to build a stronger future and secure top talent and in-demand skills for your business. Contact us to find out more.