Nearly half (43%) of UK organisations believe their cybersecurity strategy is watertight and requires little to no improvement, according to new research from data security leader Cohesity. This complacency is leaving British businesses dangerously exposed and without adequate backup plans when disaster strikes.
According to the research, the vast majority of British businesses (90%) had to lean on cyber insurance to cover recovery costs, whilst 91% stated that cyber insurance did not adequately cover recovery costs. The findings prove that cyber threats are evolving much faster than insurers can model them, whilst businesses are viewing insurance as the first line of defence, when it should be the last.
The report also highlights the material impact of cyberattacks, which are increasing in scale and sophistication:
- 71% of UK businesses have paid a ransom in the past 12 months
- A third of organisations (33%) have paid $1 million (approx. £760,000) or higher in ransom following a cyberattack
- The UK is shelling out when it comes to ransomware payments, with payments averaging $1.4 million (approx. £1,051,000), compared to a global average of $1.3 million (approx. £976,000)
Stock price plunges and shareholder scrutiny
The aftershocks of cyberattacks have spread beyond technical recovery, seeping into wider business operations. Incidents now compel companies to reshape boardroom priorities, financial planning, and growth strategy:
- 84% of businesses said revenue was impacted, with a third (31%) stating this was between 1% and 10% of annual revenue
- 76% saw stock price impacted
- 86% received inquiries or increased pressure from shareholders
- 45% received fines or formal penalties
Fraser Hutchison, VP Northern Europe at Cohesity, commented: “Our research shows that a large portion of British businesses are overconfident but underprepared when it comes to cybersecurity. Most organisations are still misjudging the true material impact of cyberattacks: from recovery costs and the effect on earnings and stock price to legal, regulatory, and compliance consequences.”
“Even large, well-known brands fall victim to attacks with state-of-the-art technology for threat detection and prevention in place. We need a bigger focus on response and recovery, so organisations can better respond to and bounce back from cyberattacks which are now an inevitability.”
Methodology
Findings are based on a survey of 400 IT security decision makers and IT/data decision makers in the UK commissioned by Cohesity and conducted by Vanson Bourne in September 2025. The organisations had 1,000 or more employees and came from a range of public and private sectors.



