Sponsored content: Kirsten Maley, UK director of claims at Cowbell, discusses the increasing need for cyber resilience
Over the past few months, we’ve all witnessed a host of UK organisations – not limited to any one sector – fall victim to cyber attacks.
The Co-op suffered an £80m hit to profits from a “malicious” attack, Jaguar Land Rover bore the full cost of a ransomware incident and several major airports, including Heathrow, experienced system disruptions due to ransomware targeting shared check-in software.
Having saturated the news of late, these incidents – among many others that weren’t reported on – were swiftly followed by the government’s Cyber security breaches survey 2025 results, which were published in May.
This year, the annual report echoed the headlines, estimating that UK businesses faced around 8.58 million cyber crimes over the past 12 months, including roughly 680,000 non-phishing incidents.
It also found that just over four in ten businesses (43%) reported having experienced a cyber security breach or attack in the last 12 months, equating to approximately 612,000 UK businesses.
At the same time, we can see that cyber security remained a high priority for around seven in ten businesses (72%), while the qualitative interviews suggested that organisations were sensing a growing and more sophisticated cyber security threat.
Perception and reality
So why are cyber attack rates still so high? Rather than a reduction in risk, what we’re seeing is a growing gap between perception and reality.
Essentially, attacks are evolving faster than many businesses’ ability to detect or respond to them. And they’re evolving for a number of reasons.
Firstly, the cyber attack business model has matured – criminal toolkits, credentials and initial access are now sold as a service, dropping the barrier to entry.
Secondly, the UK is a prime target thanks to its highly digital, English-speaking economy with dense supply chains and a long tail of SMEs that outsource critical IT.
And finally, and perhaps most importantly, AI is completely rewriting the rules.
As one IT manager from a medium-sized business put it in the Cyber security breaches survey: “I think it’s going to get more and more difficult with what’s out there with AI. I think there’s more for us to do to protect the end user and educate them.”
Raised the stakes
AI has truly raised the stakes on both sides. Offensively, it powers convincing deepfakes and polished, large-scale phishing – and accelerates reconnaissance.
But when used defensively, it helps us detect anomalies sooner, triage faster and focus human responders where they add the most value.
AI is a net positive when paired with disciplined fundamentals. We see the best outcomes when organisations combine AI-enabled detection with well rehearsed incident response, tested offline and immutable backups, strong identity hygiene, segmentation and supplier oversight.
That no-pay, rapid-restore mindset shortens outages and blunts extortion.
At Cowbell, we bring both sides together for UK policyholders by offering 24/7 incident response with digital forensics and incident response (DFIR), breach counsel and crisis communications – proactive services like phishing simulations, executive and business email compromise (BEC) workshops and tabletop exercises, as well as continuous education for brokers and insureds.
Cowbell and our vetted panel bring AI-driven tooling to speed containment and recovery, while our claims team keeps the process clear, fast and human.
Our goal is always a simple one, to help clients work quicker and smarter during an incident – and build resilience before the next one.
