Written by Cyber Innovation Hub, Silver Partner of Wales Tech Week 2025

43% of UK businesses were hit last year. Would you be ready to respond?
Cybersecurity isn’t just an IT issue. It’s a business resilience issue. And the latest headlines are proof that no one is immune.
When M&S, Co-op and Harrods made front-page news following cyber breaches, the scale of the disruption raised eyebrows. But behind the headlines lies a deeper story: according to the BBC the likely entry point for the M&S breach was a third party who had access to its systems1. Reinforcing the message; you can outsource responsibility, but you can’t outsource risk.
Whether it’s a retail giant or a regional SME, cyber threats are not abstract or distant. They’re operational. They’re financial. And they’re deeply human.
Cyber risk doesn’t discriminate; but it does exploit the unprepared.
Most people don’t think about cybersecurity until it’s too late. Until payment systems go down, customer data is exposed, deliveries are missed and operations grind to a halt.
These aren’t IT failures. They’re full-scale business crises. One compromised supplier can disrupt an entire chain. And for smaller businesses, the impact can be existential.
As Tash Buckley from Cranfield University noted in a recent BBC interview2:
“For smaller companies, it’s more of an existential issue. They don’t have the kind of finances that M&S have to get the experts in.”
A recent UK Government report confirms what many already fear: cyber attacks are hitting organisations of every size. According to the Cyber Security Breaches Survey 20253, just over four in ten businesses (43%) and three in ten charities (30%) reported experiencing a cyber security breach or attack in the past year.
This isn’t a niche problem.
This is the everyday reality for UK organisations.
And for many smaller firms, with tighter margins and fewer in-house experts, the stakes are even higher.
Are you cyber resilient? 3 ways to find out
A cyber incident doesn’t need to spell disaster. Microsoft reports that 98% of cyberattacks can be prevented with basic cyber hygiene4. With the right habits, tools, and training in place, businesses can shut the door on the vast majority of threats.
But resilience won’t happen by accident. Here’s where to start:
1. Build cyber into business continuity planning
Cyber shouldn’t sit in a silo. Your risk register should include realistic scenarios, and your business continuity plans should reflect the growing threat landscape.
- Which systems are mission-critical?
- What’s your recovery time objective?
- Have you tested your plan under pressure?
If your team isn’t clear on what happens when the systems go down, you’re not ready.
2. Focus on foundational cyber hygiene
Many high-profile attacks exploit basic weaknesses. Weak passwords, outdated software, or unsecured third-party access.
Simple, shared standards can dramatically reduce exposure.
- Use strong, separate passwords and multi-factor authentication
- Keep systems and software up to date
- Back up critical data regularly
- Vet your suppliers and review access controls
Don’t underestimate the basics – they’re your frontline defence.
3. Train everyone – not just IT
Cyber resilience is a whole-organisation issue. Your comms team, ops lead, and finance manager all have roles to play when things go wrong.
Make sure they:
- Know the signs of an incident
- Understand how and when to escalate
- Are confident acting under pressure
Cyber security isn’t about knowing everything, it’s about knowing what to do next.
Turning readiness into action
At Cyber Innovation Hub, we don’t just talk about cyber resilience, we help organisations build it. Here’s how we’re helping teams across Wales and beyond get ahead of threats:
Bitesize Cyber Courses
Accessible, practical training for busy teams. From cyber hygiene to critical infrastructure security, our bitesize and hands on courses are here to build real-world cyber resilience across your organisation.
Designed for busy professionals, delivering practical skills that make an immediate impact, without disrupting schedules. Through realistic, scenario-based exercises, teams practice defending critical systems in safe, controlled environments, so they’re ready to respond when it matters most.
Explore our courses: https://cyberinnovationhub.wales/training/training-and-skills/
Real-World Testbed Environments
When you’re deploying a new system or solution, the last thing you want is to test it live and risk downtime or vulnerabilities. That’s where our testbeds come in. Built for organisations and critical environments, our safe, simulated spaces let you test cyber defences, simulate real-world attacks, including AI-driven threats, and refine your response strategies before anything goes live.
Whether you’re validating a solution, training your team, or exploring potential blind spots, we give you the environment to stress-test your systems without the risk. Because in cybersecurity, confidence comes from what’s been tested, not what’s assumed.
Explore how Cyber Testbeds could strengthen your security: https://cyberinnovationhub.wales/testbed-and-infrastructure/
Final word: security is a shared responsibility
You don’t need to be a cyber expert. But you do need to know how your business will respond if the worst happens.
Cybersecurity is a people issue. And people who understand the risks and practise their response are your strongest line of defence.
So ask yourself: If a cyber incident hit your business tomorrow, would you be ready to respond?
This November at Wales Tech Week, we’ll be showcasing how we’re helping businesses like yours prepare, adapt, and thrive in the face of growing cyber risks.
Come and see what readiness looks like – and why it matters more than ever.
Explore what’s possible with Cyber Innovation Hub.
The future? Let’s secure it. https://cyberinnovationhub.wales/ 
1 https://www.bbc.co.uk/news/articles/cpqe213vw3po
2 https://www.bbc.co.uk/news/articles/cpvren4je77o
The post Cyber Isn’t Just For Tech Teams: Why Every Business Needs a Response Plan appeared first on Technology Connected.

