Business & Technology
UK cyber survey exposes gaps in basic security controls
The UK government has published the 2025/26 Cyber Security Breaches Survey for businesses and charities. Security experts say the findings expose persistent gaps in basic controls, supply chain oversight, and incident reporting.
The latest annual survey points to continued exposure to cyber incidents across UK organisations, alongside uneven adoption of recognised security standards and controls. It is based on research carried out for the Department for Science, Innovation and Technology and the National Cyber Security Centre.
Chris Newton-Smith, Chief Executive Officer at IO, said the findings on formal security frameworks highlighted a structural weakness in many organisations.
“Today’s Cyber Security Breaches Survey has once again revealed some stark and urgent findings about the state of the UK cyber security landscape.”
“The continued low uptake of recognised standards, with only 5% of businesses reporting adherence to Cyber Essentials, signals a missed opportunity to build structured resilience. Frameworks should not be seen as a compliance overhead. They provide proven, repeatable security practices and can reduce reliance on fragmented external advice. Organisations that depend heavily on consultants instead of frameworks risk inconsistent controls and a lack of internal capability. Frameworks such as Cyber Essentials can help turn good intentions into operational discipline.”
“The survey shows some encouraging improvements in baseline hygiene, for example in risk assessments, policies, and insurance. But despite progress in several hygiene practices, small businesses returned to 2023/24 levels. This creates a false sense of security. Organisations are doing visible things, but not necessarily the things that are most effective. Cyber hygiene is improving, but resilience requires depth, not just breadth.”
“This is compounded by the very low level of supplier risk reviews, with only 15% reviewing the risks posed by their immediate suppliers. That highlights a significant systemic vulnerability. It is particularly critical in light of increasing regulatory pressure, especially from rules such as DORA and NIS2, which place strong emphasis on supply chain resilience and third-party risk management. Many organisations are strengthening their internal defences while leaving a critical gap in how they assess and manage supply chain risk, effectively reinforcing the front door while leaving the back door open.”
“Cyber security maturity is not defined by how many tools an organisation deploys, but by how consistently it applies governance, manages risk, and aligns to recognised standards. The organisations that close that gap and achieve true resilience will be the ones that turn cyber security into a genuine competitive advantage.”
Newton-Smith highlighted supplier oversight as a particular concern, given growing regulatory pressure such as the EU’s Digital Operational Resilience Act and updated Network and Information Systems rules. Those regimes place greater scrutiny on third-party risk and operational continuity across digital supply chains.
The survey also reports relatively low adoption of multi-factor authentication across UK companies, despite official guidance treating it as a basic control. The findings suggest many firms still rely on passwords as the primary safeguard for access to systems and cloud services.
Michael Downs, Vice President at SecurEnvoy, said many organisations continue to delay adopting multi-factor authentication despite its role in blocking common attacks.
“The 2026 Cyber Security Breaches Survey still shows surprising figures on how few businesses have implemented multi-factor authentication as a standard security control. Only 47% of businesses have adopted it, meaning a significant proportion of organisations are leaving the door wide open to cybercriminals.”
“MFA is one of the most straightforward controls available and does not require a lengthy procurement process or specialist hire. If an attacker gets hold of a password through phishing or a credential leak, MFA adds another layer of protection. Given that stolen credentials feature in the majority of breaches, there is no excuse not to offer it to employees, contractors, and customers.”
“Businesses also need to be aware that the NCSC’s Cyber Essentials scheme is being updated this year to require MFA on all cloud services, so it will no longer be a nice-to-have. For the many organisations still holding out, implementing MFA is the most direct step they can take to improve their security posture today.”
Regulation features heavily in expert reactions to the survey. Specialist providers see forthcoming rules as a catalyst for more rigorous preparation, especially around detection, response, and reporting.
Richard Groome, OT Cybersecurity Specialist at e2e-assure, said current breach notification levels remain well below the standards set in upcoming legislation.
“Only 50% of businesses surveyed say they currently inform regulators about breaches. Incident reporting is about to become much more important because, under the Cyber Security Resilience Bill, organisations deemed critical will be required to report significant cyber incidents within 24 hours, with a full report due within 72 hours. That is a completely different standard from what most businesses currently operate to, and the gap between today’s practice and tomorrow’s requirement is significant.”
“It is worth noting that regulators can designate any supplier, including SMEs and non-UK entities, as critical if their failure could disrupt essential services. The potential scope is therefore massive and not limited to large organisations.”
“Meeting those reporting deadlines requires mature SOC processes, 24/7 monitoring, and automated detection capabilities that many smaller organisations simply do not have in place today. Most will also need to identify and notify affected customers within that same window, which demands granular visibility into systems and workloads that few have yet built.”
“Organisations should be assessing their incident detection and reporting workflows now, mapping their IT ecosystem, and ensuring they have the monitoring capability to identify a breach quickly enough to meet the new thresholds.”
“The survey shows that senior management are being informed when breaches occur. The CSRB will extend that accountability outward, and businesses need to be ready for it.”
Groome also pointed to the financial impact of serious incidents, which he said often exceeds the direct costs cited by respondents.
“For organisations that experienced a breach in the past 12 months, the average perceived cost is just £940, but this rises to £20,000 at the 95th percentile. These costs might sound manageable, but the reality for those at the more severe end of the spectrum is anything but.”
“The Jaguar Land Rover attack was estimated to cost the business around £5 million per day in lost profits, with the wider economic impact running into billions across the supply chain. The M&S ransomware attack resulted in losses of £300 million.”
“A large part of these costs is due to the downtime caused by attacks. With this in mind, we need to be acutely aware that our Critical National Infrastructure is particularly vulnerable to shutdowns, and the knock-on costs of downtime will have an even greater impact on the organisations we all depend on to live: power, water, and food.”
“Attackers know this. Modern ransomware attacks go beyond encrypting data. Attackers understand that months of downtime, and the financial damage that comes with it, are a lucrative bargaining chip in ransom negotiations.”
“UK businesses need to invest in continuous monitoring, faster detection, and tested incident response. That not only reduces the likelihood of a breach but also directly limits the financial exposure when one occurs.”
JOSEPH GABRIEL LAGONSIN
News Editor
Pulsant has completed a GBP £2 million investment programme across its UK data centre network, covering eight sites and focusing on upgraded facilities for customers, visitors and staff.
Delivered over the past two years, the programme covered sites in Croydon, Edinburgh, Maidenhead, Manchester, Milton Keynes, Newcastle, Reading and Rotherham. Further upgrades are under way at Pulsant’s recently acquired Birmingham and Fareham locations.
The refurbishment focused on customer-facing and operational areas inside the facilities. Changes included new layouts and signage, meeting rooms with AV technology and guest Wi-Fi, breakout areas, electric vehicle charging points, upgraded build rooms and revised access processes.
The work followed a pilot project at Pulsant’s Croydon site, where customer groups were used to assess how people use its data centres in practice. Feedback pointed to demand for more efficient and more welcoming on-site spaces for IT teams and technicians.
More than 500 UK businesses use Pulsant’s colocation services, placing their own servers and IT systems in the company’s facilities. Background information accompanying the announcement said Pulsant serves about 700 clients across its wider digital infrastructure estate.
Site changes
Pulsant introduced a zonal layout and updated signage to help engineers move around sites more quickly. It also created dedicated build bays with tools, test power distribution units and equipment so hardware can be prepared outside the data hall before installation.
Security and access were also part of the overhaul, with site access processes improved to reduce bottlenecks at busy periods while maintaining existing security standards.
Other additions included boardrooms, breakout rooms, rest areas and complimentary drinks. Post-upgrade feedback from clients and contractors highlighted those features alongside site security.
Customer feedback
Pulsant said client advocacy more than doubled after the changes, with a 33-point rise in Net Promoter Score among those who said they would recommend the company to industry peers looking for colocation services.
Ben Cranham, chief operating officer at Pulsant, said the project was designed to shift attention towards the people working in and visiting the facilities, alongside the underlying infrastructure.
“Data centres are often designed primarily around the infrastructure, rather than the people who work in them every day,” Cranham said.
He said the company used feedback from regular site users to guide the redesign.
“From the outset, our goal has been to create spaces where everyone – clients, partners, visitors and our team – feels welcome, supported and happy to be there. We’ve listened to the people who spend time in our data centres to shape environments that reflect how they work, now and in the future.
“By paying close attention to details, we’re delivering spaces that not only enhance wellbeing and productivity but also help us stand apart in the market,” Cranham said.
Pulsant operates 14 data centres around the UK and positions its network around regional connectivity and access to cloud, connectivity and compute services. The latest investment reflects a wider push by data centre operators to improve working environments at facilities regularly used by customer engineers, contractors, suppliers and in-house teams.
The British supermarket chain Iceland closed its high street shop in Sheep Street, Bicester, in 2024.
Since the company’s Food Warehouse stores opened in the nearby Launton Road Retail Park, the site has remained vacant.
Now, Allen Planning Limited, acting on behalf of an applicant, wants to alter the front of the ground floor shop front to attract a new commercial tenant.
It submitted plans to Cherwell District Council, the planning authority seeking what it called the creation of ‘minor external alterations’ which would ‘not adversely impact the design of the building or the wider visual amenities of the area’.
READ MORE:
Amendments include a white render band in place of signage, slimline aluminium windows, a glazed fanlight, a new aluminium double door with fanlight, and a separate aluminium entrance door to the first floor, as previously approved under plans.
Changes to the two upper floors have already been approved, including installing replacement windows and five new infill panels.
The site sits within the Bicester Conservation Area, which is also within the newly pedestrianised ‘Sheep Street’ character area, which is characterised by predominantly three-storey buildings facing onto the main shopping street.
Comments are due until July 2 and the planning authority is set to make a decision by July 24.
SOFIAH NICHOLE SALIVIO
News Editor
CyberCube has partnered with Affinity Marketplace to integrate cyber insurance quoting into a single broker workflow, targeting the SME cyber insurance market.
The partnership combines Affinity Marketplace’s quoting process with CyberCube’s Broking Manager software, which provides information on a client’s cyber risk profile. The integrated setup is designed to help brokers discuss financial exposure and compare risk transfer options without leaving the same system.
SME cyber insurance has been held back by a lack of specialist knowledge, the challenge of explaining technical risk to smaller businesses, and the time brokers need to place cover. The integrated process is intended to reduce those points of friction for generalist brokers and their clients.
CyberCube’s Broking Manager generates reports on company-specific financial exposure, along with benchmarking data on policy limits and cover structures. Affinity Marketplace provides the digital environment where brokers can obtain automated quotes.
Nate Brink, Head of Broker Sales & Account Management at CyberCube, said the model addresses both economic and training challenges in the market.
“This strategic relationship between CyberCube and Affinity Marketplace solves the margin and education crunch that has long plagued the SME cyber insurance sector. By automating the quoting process directly alongside actionable exposure data within the same workflow, brokers can instantly demonstrate real risk without using complex technical jargon,” Brink said.
The approach allows brokers to stay within one system from the initial client discussion through to quotation. It also presents cyber risk in business terms that smaller companies can relate to when deciding whether to buy insurance and how much cover to take.
Founded in 2023, Affinity Marketplace focuses on digital distribution for specialty insurance. Its platform connects brokers and agents with managing general agents, carriers, and technology providers across quoting, binding, renewals, and carrier connectivity.
Andrew Suesserman, Co-founder of Affinity Marketplace, said: “Affinity Marketplace is all about giving brokers the tools they need to scale efficiently, and this collaboration with CyberCube does exactly that. We’ve combined rapid, automated cyber quoting with clear risk diagnostics in a single environment. This removes the complex jargon that usually stalls SME sales and gives generalist brokers the confidence to advise on exposures and limits like seasoned cyber specialists. We can’t wait to see our brokers leverage this to unlock new, highly profitable growth.”
Broker response
Wholesure, which uses the combined setup, said the integration has changed how its brokers and retail agents handle SME cyber placements. The brokerage cited a shortage of cyber specialists across the market as a barrier to broader take-up among smaller businesses.
Kevin Merchant, National Cyber Practise Leader at Wholesure, said: “With too few cyber specialists in the market today, closing the critical SME protection gap has felt like an uphill battle. Combining Affinity Marketplace with CyberCube has been an absolute game changer for our brokers, retail agents, and the insureds we protect. By utilizing Affinity Marketplace, our brokers gain instant access to seamless, efficient cyber quotes, eliminating the traditional friction of the placement process. Coupled with CyberCube’s robust financial loss impact and benchmark reports, our retail agents are equipped with the exact data-driven storytelling tools they need to educate insureds. We can present small business owners with clear, quantified evidence of their true financial exposure and show them how their peers are structuring their risk transfer.”
CyberCube was established within Symantec in 2015 and has operated as an independent company since 2018. It provides cyber risk analytics software to insurance institutions and has offices in San Francisco, New York, Chicago, London, and Tallinn.
The partnership is available through the Affinity platform.
-
Crime & Safety4 weeks agoRyan Bridge speaks of London arrest after Oxford incident
-
Oxford News3 weeks agoOxfordshire families invited to free day of fun in Bicester
-
UK News4 weeks agoRussian threats against Baltics ‘unacceptable’ and danger to ‘our entire union’, EU’s von der Leyen says – Europe live | Europe
-
Crime & Safety3 weeks agoPhotos as 1979 Pontiac Firebird ‘bursts in flames’ at Tesco
-
Business & Technology3 weeks agoNew ‘high-quality’ mushroom business launched in Oxford
-
Crime & Safety4 weeks agoNew video call system to help domestic abuse victims
-
Business & Technology3 weeks agoNHS IT outages disrupt 274,620 patient interactions
-
Oxford News4 weeks agoOxfordshire Lib Dems lose another councillor amid ‘serious concerns’