Cyber attacks triple in one year; do boards believe “it can’t happen here” or should they be more concerned than ever?
- Gilbert Hill
- 2 days ago
Updated: 1 day ago
A wave of outages and breaches has led to a feeling that the stakes have been raised for the threat of cyber attacks on the UK economy. A recent report and event hosted by Talan brought together a group of experts across the security and privacy sectors, with some surprising conclusions…

Publication of the latest findings from the UK’s Office for National Statistics marks the first time a cyber attack has hit the 'bottom line' for the national growth figures, but probably not the last. The third quarter of 2025 showed a slowdown in production, mainly caused by a 28.6% drop in car output following the Jaguar Land Rover cyber attack, which also led the government to provide a £1.5 billion loan guarantee to prevent contagion across suppliers in the sector.
Following on from the Marks & Spencer and Co-Op attacks, both linked to hacking collective Scattered Spider, cyber security is now by some margin the top-rated risk to the interconnected, digital world in which UK organisations operate. Attacks are fast-moving, easily replicable and now monetised; it’s the CISO’s job to keep on top of the latest best practice and tools to mitigate threats, but what about the challenge to board members, who are often drawn from non-technical backgrounds?
I recently attended the Talan Cyber RoundTable in London, representing CXB (Cyber Governance for Boards). This non-profit group helps Non-Executive Directors (NEDs) to raise their game in cyber governance, so I was interested to hear insights from Talan’s latest cyber research, drawn from a survey of CISOs, which was launched at this event.
Probably the most eye-catching figure was that 99% of organisations polled feel confident in their ability to tackle cyber and privacy threats over the next year. I found this interesting for two reasons: firstly, the degree of confidence despite recent bad news, and secondly, that the disciplines of security and privacy are increasingly intertwined in the minds of CISOs.
This makes sense on a human level, because for members of the public the two are linked holistically in whether they trust an organisation which holds their money or their data, and once that trust is lost, it’s very hard to win it back. More personally, I've noticed in conversations with cyber professionals how our priorities are increasingly similar and focused on overlapping regulations (Online Safety Act, EU AI Act), tools and standards to mitigate risk (Impact Assessments, ISO 27001).
Coming back to the event and research, as we discussed the UK cyber landscape in the ‘safe space’ generously provided by Talan, for the gathered clients and associates the picture turned out to be more complex than the headline figure suggested. While almost all organisations have gone through an audit-based programme to demonstrate compliance from Cyber Essentials upwards, and most have an insurance policy in place, there can be a tendency to take a ‘mission accomplished’ view of cyber, rather like that seen in the wake of the GDPR wave.
But like privacy, operationalising cyber governance beyond threshold level across an organisation is a tougher challenge. It involves all stakeholders, from the board through to those on the ‘shop floor’, plus external partners, and you are only as strong as the weakest link in the chain. The consequences of something going wrong, as it did at Marks & Spencer, are that while a large amount (£100 million) of their losses is covered by their insurance policy, their future premiums are due to rise significantly unless they can prove their risk management practices have improved.
In the room, the general feeling was that boards in particular struggle to grasp the latest concepts, threats and strategies around cyber, especially with the now-widespread use of AI in organisations. Above all, the board needs to ask the right questions of stakeholders, like “what would we do, if something like the M&S hack happened to us?” It was also agreed the Talan event was highly useful and something which should be repeated!
CXB may also have some answers to these issues, by bringing together NEDs, CISOs, experts and trainers to support boards and increase their knowledge and confidence in cyber security through workshops and webinars. This offering includes a free, government-supported training pilot for 15 organisations beginning in January 2026.


