British cyber-security breaches have risen by an estimated 50%, per the head of the National Cyber Security Centre (“NCSC”), Richard Horne. This alarming rise has affected some of ‘Britain’s biggest brands’, such as Marks and Spencer’s, Co-op and Jaguar Land Rover. Inthe year leading up to August, the NCSC helped businesses investigate 429 cyber-security incidents. According to Horne, eighteen of these incidents were of “national significance”, due to their effect on the central government, British economy or many citizens [1]. This data highlights the gravity of the issue at hand, with potential implications for national security or the privacy of civilians.

Why are cyber-attacks increasing?

It is speculated that the hackers are readily obtaining ransomware from Russian-speaking criminals, utilising this to hack into businesses’ technological software and extort money from them. Ransomware disrupts the target’s computer networks until a ransom is paid [2].

How is this affecting businesses?

Cyber-attacks affect various sectors in different ways. However, an important factordetermining the severity of impact lies in how their supply chains operate. Carmakers may be particularly affected due to their tendency to operate under “just-in-time-delivery”,cutting costs by receiving parts at the exact time they are necessary. Thus, proving a supply chain disruption due to system shutdown to be detrimental. Similarly, retailers may operate under a carefully curated supply chain to ensure that they have stock for customers, whichcould also face serious disruption if they are hacked. The higher up the targeted business is in the supply chain, the more widespread the impact becomes [2].

Whilst larger businesses may fare this better, smaller firms may become bankrupt within aweek due to insufficient cashflow. Large businesses may last a fortnight. Cashflow is essential to keep businesses running to make their regular payments. This highlights the importance of limiting the number of cyber incidents [2].

Addressing the issue

In July of last year, the government announced plans to implement a Cyber Security andResilience bill, but this has been delayed several times [2]. This bill proposed steps to address increasing cyber-incidents. For example, monitoring supply chains and ensuring that all parties take stringent cyber security measures. [3]

The former chief executive of Aston Martin, Andy Palmer, suggested that the “lean production models” characterised by the risky supply chain must be changed to prevent any further cyber-attacks. Despite this, he stated that the large costs of altering the production model may make this change unlikely. [2]

Legal impact

Increasing cyber-incidents will likely generate significant work for dispute resolution lawyers and criminal lawyers. Firstly, cyber criminals may be sued. Moreover, a cyber security breach could prevent a party from fulfilling their contractual obligations. Key legal issuessuch as potential damage awards, or whether a force majeure clause covering “technological disruptions” applies, willhave to be determined [4]. Other issues could include lawsuits from customers [5], or the firm seeking compensation from third-party software providers [6].

Moreover, as the law requires organisations to “take continual and proactive steps to protect themselves against cyber-attacks” per the Information Commissioner’s Office, those who fail to do so may face legal consequences. This includes installing the newest securitypatches promptly, ensuring all IT systems have MFA or MFA-standard protection, amongstother criteria. In June 2022, DPP Law Ltd, a law firm specialising in crime, military, family fraud, sexual offences and actions against the police, was victim to a cyber-attack to which hackers gained mass amounts of client data and leaked this to the dark web. However, as DPP had failed to adequately secure personal data, they were fined £60,000 for their error [7].

Conclusion

Increasing cyber-attacks on British businesses could be detrimental. This could haveramifications for the targeted company itself, their customers and their clients, which proves especially harmful in the context of a supply chain. The UK government is making steps towards reducing such cybercrime, but this is to no immediate effect. This conveys the urgency of businesses ensuring that they are proactive in protecting their computer systems, and to not become the next unfortunate victim to cybercrime.

Bibliography

[1] Pearson J, ‘UK warns business leaders as ‘highly significant’ cyber incidents rise 50%‘(Reuters, 14 October 2025) <https://www.reuters.com/world/uk/uk-warns-business-leaders-highly-significant-cyber-incidents-rise-50-2025-10-13/> accessed 18 October 2025

[2] Leggett T, ‘The Cost of Cyber Hacking on UK Business Is Greater than It Seems’ (BBCNews, 6 October 2025 <https://www.bbc.co.uk/news/articles/c5ye8zj5l4jo#:~:text=In%20all%2C%20a%20government%2D run,were%20targeted%20across%20the%20UK> accessed 18 October 2025

[3] ‘Cyber Security and Resilience Policy Statement’ (GOV.UK, April 2025 <https://www.gov.uk/government/publications/cyber-security-and-resilience-bill-policy-statement/cyb er-security-and-resilience-bill-policy-statement> accessed 18 October 2025

[4] ‘Force Majeure Explained: What Is It, How It Works & More.’ (Summit Law LLP, 8October 2025) <https://www.summitlawllp.co.uk/force-majeure-legalguide/#:~:text=Cyberattacks%20and%20technological%20failures,covering%20technological%20disruptions%20could%20apply> accessed 18 October 2025

[5] ‘M&S Faces “unprecedented” Customer Lawsuit over Cyberattack Data Breach’ (ITVNews, 3 June 2025)<https://www.itv.com/news/2025-06-03/m-and-s-faces-unprecedented-customer-lawsuit-over-cyberat tack-data-breach> accessed 18 October 2025

[6] Lamche A, ‘NHS Software Provider Fined £3m over Data Breach’ (BBC News, 27 March2025)<https://www.bbc.co.uk/news/articles/cp3yv1zxn94o> accessed 18 October 2025

[7] Information Commissioner’s Office, ‘Law Firm Fined £60,000 Following Cyber Attack’(ICO, 16 April 2025)<https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/04/law-firm-fined-60-000-follo wing-cyber-attack/> accessed 18 October 2025