Cyber attacks are no longer confined to the digital pages of tech blogs—they’re making front-page news and disrupting the physical world. In recent weeks, some of the UK’s most prominent retailers, including Marks & Spencer, Co-op and Harrods, have found themselves in the crosshairs of cyber criminals.
According to RiskSmart, now, logistics firm Peter Green Chilled, which services major supermarkets like Tesco, Sainsbury’s and Aldi, has reported it is being held to ransom by hackers. The fallout is real, with thousands of meat products at risk and critical supply chains on the verge of breakdown.
Behind these headlines are countless individuals dealing with the real-world consequences. Whether it’s empty shelves or manual stock checks, staff are being forced to operate without the digital systems they rely on. The financial and reputational damage to businesses can be staggering. According to the UK government’s Cyber Security Breaches Survey 2024, 50% of UK businesses and 32% of charities have suffered some form of breach in the last year, with phishing attacks being the most common method—affecting 84% of businesses.
Phishing has evolved far beyond laughable fake emails. It now often leverages sophisticated AI to create highly convincing messages. Attackers mimic real identities or brands, tricking recipients into handing over sensitive data or credentials. And these aren’t just mass attempts. Increasingly, individuals with privileged access are being singled out, making the attacks personal and more dangerous.
Artificial intelligence is making these threats more potent. With AI tools capable of scanning huge volumes of public data in seconds, attackers can identify vulnerabilities and tailor phishing emails that feel alarmingly authentic. AI can craft emails that mimic tone, language and even the urgency of genuine internal communications, making deception harder to detect and more likely to succeed.
For SMEs, the threat is especially concerning. With smaller budgets and less technical resource, their defences are often less robust. One serious incident—whether it’s ransomware, fraud or data loss—can jeopardise a company’s entire future. The stats are stark: while half of businesses were attacked last year, 70% of medium-sized firms were affected. The consequences? Loss of customer trust, financial strain, internal disruption and emotional stress for staff.
Yet being targeted isn’t a sign of failure. Cyber criminals are increasingly exploiting human trust, not just technical flaws. That’s why awareness and support are critical. The National Cyber Security Centre (NCSC) advises firms to revisit their helpdesk protocols and improve authentication practices. But technical upgrades aren’t the full answer—employees play a vital role too.
Protecting a business starts with empowering staff. Simple awareness training can help employees spot suspicious emails or phone calls. Making it easy to report red flags—like using one-click systems—encourages action. Even basic measures like better password habits, two-step identity checks, and pre-agreed approvals can prevent breaches.
Beyond training, businesses can take practical steps to build resilience without major investment. Regular audits of systems, rehearsed crisis plans, and supplier risk checks all contribute to a safer operating environment. These don’t have to be expensive—often, the key is consistency and simplicity.
RiskSmart, a platform designed to reduce the burden on small businesses, offers a straightforward way to embed risk awareness across organisations. Built for all employees, not just risk specialists, RiskSmart’s solution helps teams report threats quickly and provides leaders with clear insights into emerging risks. It removes the jargon and replaces it with a user-friendly interface focused on prevention and visibility.
In an era where attacks are not just digital but deeply human in impact, building a culture of shared vigilance is more important than ever.
Read the full post here.
Keep up with all the latest RegTech news here
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
