UK businesses are facing growing pressure from cyber threats, with a new survey warning that many may not withstand major UK businesses cyberattack. The findings highlight how exposed companies across the country remain to online fraud and cybercrime, as gaps in training, weak password practices, and increasingly sophisticated scams continue to undermine cyber resilience.
According to a recent Vodafone Business study, more than one in ten business leaders in the UK believe their organisation would be unlikely to survive a major cyberattack. The research, which surveyed 1,000 senior leaders across British businesses of all sizes, paints a concerning picture of how prepared—or unprepared—many firms are for incidents similar to those that disrupted major UK retailers and car manufacturers last year.
Weak Preparedness and Rising Threats Put Firms at Risk
The survey suggests that risk awareness has grown, but action has not kept pace. Nearly two-thirds of business leaders (63%) reported that their organisation’s risk of cyberattack has increased over the past year. At the same time, 89% said the highly publicised attacks on well-known brands last year had made them significantly more alert to online threats.
Despite this heightened awareness, fewer than half (45%) have ensured that all staff have undergone basic cyber-awareness training. This gap between concern and concrete action is leaving many UK businesses cyberattack–ready in name only, without the practical safeguards needed to prevent or respond effectively to incidents.
The findings also point to troubling weaknesses in everyday security practices. Password reuse remains widespread, with employers estimating that staff use their work passwords for an average of 11 other personal accounts, including social media and dating platforms.
Such habits significantly increase the risk of credential theft and unauthorised access, particularly when personal platforms suffer breaches.
UK Businesses Cyberattack: Human Error Remains a Major Vulnerability
The study underlines the central role of human behaviour in cyber risk. Nearly three-quarters of business leaders (71%) believe that at least one member of their staff would fall for a convincing phishing email. The most common reasons cited were a lack of awareness and training, staff being “too busy,” and the absence of clear protocols for verifying and flagging suspicious messages.
These factors continue to erode cyber resilience, especially as phishing campaigns grow more advanced. The emergence of artificial intelligence and deepfake scams is further complicating the threat landscape. Around seven in ten leaders said that deepfake AI videos have made them more wary of video calls that claim to be from senior colleagues or their boss, signalling a growing concern about impersonation fraud and social engineering attacks.
Government Moves to Strengthen National Defences
The UK Government’s announcement of a second Telecommunications Fraud Charter, set to launch later this year, has been positioned as a key step in strengthening national defences against cyber-enabled crime. The charter aims to bring industry and government closer together to close vulnerabilities, disrupt criminal activity, and protect businesses from financial and operational harm.
By enhancing collaboration and setting clearer standards for prevention, detection, and response, the new charter is intended to provide a more coordinated framework to safeguard the resilience and trust that UK businesses rely on. It also aligns with a broader fraud strategy expected to be launched next year.
Industry Reaction and Call for Practical Measures
Commenting on the findings, Nick Gliddon, Business Director, VodafoneThree, said:
“Some of these findings are truly alarming. The revelation that one in ten business leaders believe their company would not survive a cyber-attack highlights the scale of vulnerability facing UK firms today.
“Many steps – such as avoiding password reuse and enhancing staff training – are relatively simple to implement, and Vodafone Business is here to support organisations with practical solutions and expert guidance.
“In this context, the Government’s announcement of its second Telecommunications Fraud Charter, coupled with a new fraud strategy to be launched next year, marks a significant and timely development.
“This renewed focus from policymakers underscores the seriousness of the threat and the necessity of a united approach between industry and government to effectively tackle online fraud and cyber-crime.”
The survey results serve as a warning that cyber resilience is still uneven across sectors and company sizes. While awareness of threats is growing, persistent weaknesses in training, password practices, and incident readiness continue to leave many organisations vulnerable.
As cybercriminals adopt more advanced tools and techniques, including AI-driven scams, the gap between perceived risk and real preparedness could become increasingly costly. For UK businesses cyberattack readiness is no longer optional, it is a critical factor that may determine whether a company can survive and recover from the next major incident.
