The enduring repercussions of cyber assaults are increasingly becoming evident—and costly—for businesses in the UK.
Recent statistics from insurer Hiscox have highlighted the escalating long-term effects of cyber incidents, with damage to brand reputation and diminished customer confidence intensifying in a time when artificial intelligence is transforming the cybersecurity arena. In its most recent annual Cyber Readiness Report, the insurer disclosed that nearly half (47 percent) of UK companies targeted by cyber assaults in 2024 faced difficulties in attracting new customers after a breach. This represents a significant increase from just 20 percent of companies noting the same challenge in 2023.
Customer loss also surged considerably, with 43 percent of compromised firms experiencing customer exits—up from 21 percent the previous year. The occurrence of damaging press coverage rose from 25 percent to 38 percent, indicating that the reputational damage from cyber incidents can resonate long after systems have been restored.
Marks & Spencer now stands out as a prominent case. The FTSE 100 retailer encountered a significant data breach in April, reportedly disrupting essential operations and compromising customer information. The incident has already proven expensive: estimates indicate M&S may have forfeited over £60 million in online sales alone due to the digital disruption. Its share price has declined, erasing around £1.3 billion in market capitalization. The company is now anticipated to claim as much as £100 million from its cyber insurance policy, drawing parallels to other costly breaches affecting major retailers like Target and British Airways in recent years.
However, diminished sales represent only one aspect of the situation. Cyber assaults are increasingly harming long-term business collaborations. According to the Hiscox data, one in five organizations affected in 2024 reported losing business partners—a significant increase from 16 percent in 2023. This indicates a deterioration of trust not only with consumers but also with other enterprises in the supply chain or client network.
Alana Muir, head of cyber at Hiscox, emphasized the escalating risks posed by AI: “All businesses are vulnerable to cyber assaults, especially as threats evolve alongside advancements in AI. Cyber insurance not only offers financial security in the event of a breach but also equips businesses with the tools to recover quickly.”
Generative AI, in particular, is beginning to alter the cyber threat environment. Tools like ChatGPT and deepfake technologies have been utilized in phishing scams and corporate fraud schemes, allowing malicious actors to conduct highly customized and convincing attacks. According to Europol, AI is projected to “amplify the scale, sophistication, and impact of cybercrime” by enabling advanced hacking tools to be accessible to less skilled individuals.
Durgan Cooper, chair of the UK-based tech company CETSTAT, remarked that AI is “reducing the barrier to entry” for cybercriminals by allowing them to execute more personalized attacks with increased speed and efficiency.
Worryingly, 34 percent of companies surveyed acknowledged that their defenses had been breached due to insufficient technical skills. This illustrates a widening gap between the levels of threat and readiness. The UK government’s own National Cyber Security Centre (NCSC) has previously cautioned that even small and mid-sized enterprises are increasingly becoming targets of ransomware and phishing assaults, and has recommended a broader adoption of basic cybersecurity measures like multi-factor authentication and routine backups.
As the dependence on digital frameworks deepens and AI-driven threats rise, UK businesses may need to reassess both their cyber preparedness and the strength of their insurance coverage. Without sufficient investment in cybersecurity and cyber knowledge, experts warn that reputational harm and commercial repercussions could become ordinary following a breach.
