The report shows breach prevalence has remained stable compared with prior years, but widespread exposure persists across sectors. Many organizations still lack formal incident response plans and supplier-risk reviews. Industry commentary from NCC Group and techUK underscores persistent preparedness gaps despite rising awareness of cyber risk.
Attorneys advising UK-based businesses and charities should note the scale of exposure: nearly half of businesses report breaches annually. Organizations without documented incident response procedures and supply-chain risk assessments face particular vulnerability. The survey's findings on AI adoption outpacing security governance also signal emerging compliance and liability risks for boards and general counsel overseeing technology strategy.