A significant portion of UK business leaders believe their organizations would not survive a major cyber incident, according to new research. The study, commissioned by Vodafone Business, surveyed 1,000 senior leaders and found that over 10 percent admitted their companies would be unlikely to recover from a serious attack.

Nearly two-thirds of those surveyed stated their exposure to cyber risk has increased over the past year. The findings highlight a critical vulnerability within the UK’s commercial sector as digital threats become more sophisticated.

Weak Cyber Hygiene and Training Gaps

The research identified fundamental weaknesses in basic cybersecurity practices. A prevalent issue is password reuse, with leaders estimating that employees use their work passwords for an average of 11 other personal accounts. These accounts often include social media and dating sites, a practice that significantly elevates risk.

Furthermore, awareness and training appear insufficient. Nearly three-quarters of leaders believe at least one employee would fall for a convincing phishing email. Cited reasons for this vulnerability include poor general awareness, a lack of specific training, staff being too busy, and an absence of clear protocols for reporting suspicious messages.

Despite high-profile cyber attacks last year making 89 percent of bosses more alert to online threats, fewer than half have provided their staff with cyber awareness training. This gap between recognition and action underscores a systemic challenge.

The Rising Threat of AI and Deepfakes

The threat landscape is evolving rapidly with the advent of artificial intelligence. The report notes that AI is making fraudulent scams harder for individuals to spot. Specifically, the rise of deepfake video technology has increased wariness around video calls that appear to come from senior colleagues.

These sophisticated deepfakes are used in social engineering attacks designed to trick employees into transferring money, handing over sensitive data, or granting system access. As the tools for creating deepfakes improve, these types of manipulative attacks are becoming both more dangerous and more convincing.

Industry and Government Response

Nick Gliddon, Business Director at Vodafone UK, commented on the findings. He stated that some of the results are truly alarming, emphasizing that the belief of one in ten leaders that their company would not survive an attack highlights the scale of vulnerability facing UK firms.

These findings emerge as the UK Government prepares to launch a second Telecommunications Fraud Charter later this year. The stated aim of this charter is to strengthen defences against cyber-enabled crime. It seeks to tighten industry standards for prevention, detection, and response while fostering closer collaboration between the government and the telecommunications sector.

The combined data on business survival fears, poor cyber hygiene, and advancing threats like AI driven deepfakes paints a concerning picture for UK economic resilience. The anticipated government charter represents a coordinated effort to address these escalating risks through improved standards and cooperation.

Source: Various industry reports