Recent insights from the Royal Institution of Chartered Surveyors (RICs) have revealed that approximately 1 in 4 UK businesses were victims of a cyber-attack in the last year.

The timely publication of the report follows a string of cyber-attacks on major retail industry players — including Marks & Spencer (M&S), The Co-op, and North Face — were carried out since the Easter weekend, which raised concerns for the readiness of smaller businesses owners with half the resources of major corporations to be able to protect themselves from adversary attacks.

The report found that a staggering 27% of surveyed companies had suffered a cyber-attack in the last year, up 16% from the previous year. The report also highlighted critical vulnerabilities in operational technology, including building management systems, CCTV networks, Internet of Things (IoT) devices and access control systems as risks in need of remediation across organisations in the UK.

The findings provide a wider scope of the threat landscape with other publications, such as the annual Cyber Security Breaches Survey conducted by GOV.UK, which revealed that 43% of UK businesses experienced a cyber breach or attack in the last year. Combined, the findings underscore how sensitive data is increasingly being compromised – whether by external adversaries or through inadvertent internal leaks, highlighting the need for a coordinated and proactive effort by organisations to protect their systems and data.

More work is needed to raise awareness of cyber-attacks and to ensure that all organisations in the UK are protected by robust cybersecurity measures. What was once an overlooked aspect of business operations is now emerging as a priority, especially after M&S became a prime case study illustrating the damaging impact of cyber-attacks. However, a common misconception persists – that the size of an organisation provides immunity from being targeted, with smaller enterprises believing they are less vulnerable than large corporations. The cyber threat landscape extends far beyond political warfare between nation-states or highly targeted attacks on corporations. Most attacks today are automated and widespread, sent to hundreds of thousands of individuals at once, and can impact anyone or any organisation who is deceived by them. Cybercriminals are opportunists – they may not be targeting you specifically, but they will seize the chance to exploit valuable assets from you if you fall into their trap.

If your organisation does not have regular cyber security training in place, we implore you to start annual training on data security, phishing awareness, and malware to ensure that your team know how to respond to a cyber threat. We highly recommend the e-learning courses provided by our partners OSP Cyber Academy, which offer engaging, interactive, and affordable resources that you can share with your team.

If you’d like any further support in bolstering your cyber defences or want guidance on where to begin, don’t hesitate to reach out to us – we’ve got your back.