The Growing Threat of Cyberattacks to UK Businesses
Between 2019 and 2024, cyberattacks cost UK businesses an estimated £44 billion.
The first half of 2025 has seen this trend continue, with a surge of high-profile attacks costing businesses millions.
This year it has been large retailers such as Marks and Spencer that have been in the crosshairs of cyber criminals. In past years it has been local authorities. The sectors vary, but the common thread has been the way that attackers have breached these systems.
In the M&S breach, attackers used impersonation tactics to trick a support team into handing over access. Other breaches – at the Co-op, Harrods, Uber, Okta – followed a similar pattern. The attackers didn’t need to break technical defences. They relied on human response.
This pattern has become the norm. And while the headlines often focus on the malware or the ransom, the root cause is almost always the same: someone was caught off guard, under pressure, or unsupported.
It’s human error. And the cost can be huge.
But this blog looks beyond the click. It explores what human error really means in a cyber context, and how leaders can reduce the risk without adding unnecessary complexity.
It also looks at how the true cost of these incidents isn’t just in the moment of the mistake. It’s what follows – and what that mistake reveals about how prepared the organisation really was.
The Cost of a Click
Our free guide to why your people are your biggest cybersecurity vulnerability.
Learn how a simple mistake can lead to a massive cybersecurity failure – and what you can do to reduce your risk.
What We Call ‘Human Error’ – and Why That’s Too Simplistic
Attackers have become incredibly adept at exploiting human behaviour to break into systems, using sophisticated social engineering techniques to trick employees into granting them access. Given their role in the business, often it’s the help desk who gets targeted. Other times, attackers cast their net wider. What they’re looking for is someone to commit just one simple mistake.
When that happens, “human error” is usually the term that shows up in reports, headlines, and debriefs. It sounds straightforward: someone clicked the wrong thing, trusted the wrong message, or reset the wrong password. But reducing a cyber incident to a single moment of error overlooks everything that made that moment possible.
Most of the time, human error is the final step in a much longer chain. It may stem from a missed training opportunity, an unclear process, or a culture that encourages speed over caution. Sometimes it’s about knowledge or awareness. Other times it’s the result of how someone has been prepared, supported, and briefed to do their job.
In many cases, the true error isn’t the click itself; it’s what made it possible. And it’s an error that can cost businesses dearly.
The Immediate Cost – What Everyone Sees
When a cyberattack hits, the financial fallout is often swift and measurable. For M&S, the ransomware incident forced online operations offline for six weeks. That downtime translated to:
- £3.8 million in lost sales per day
- £300 million lost operating profit
- £1 billion lost in market value
The Co-op experienced its own version of the same pattern. Attackers gained access through a third party, likely using stolen VPN credentials. Even though ransomware deployment was partially contained, the incident caused significant disruption and raised the possibility of widespread data exposure – with the company confirming that all 6.5 million of their members had their data stolen in the attack.
In both cases, the cost was immediate and highly visible: halted operations, lost revenue, shaken investor confidence. These figures tend to dominate the coverage, and for good reason. But they don’t reflect the full scale of the impact.
The challenge doesn’t end once systems are back online. For many organisations, the harder part is what comes next.
The True Cost – What Happens After Headlines Fade
The financial impact of a breach is often the first thing reported. But once systems are restored and operations begin to stabilise, other effects start to surface – and they’re harder to measure.
Reputation doesn’t reset when the breach is resolved. According to YouGov, one in ten people in the UK say they would never trust a brand again after a data breach. Loyal customers may have turned to competitors during the outage. Others may hesitate before engaging again.
Meanwhile, investors and board members ask harder questions. Partners scrutinise your internal controls more closely. The perception of risk lingers, and it can shape how your organisation is treated for months or years after the breach itself.
Inside the organisation, the effects are just as persistent. Security teams often bear the brunt of the recovery effort, with a workload that risks burnout and increases the chance of further mistakes during a critical time. Elsewhere, leaders deal with insurance claims, post-incident audits, and possible regulatory reviews.
Time and resources are consumed not by the work of growth, but by the work of making sure it doesn’t happen again.
The breach may only last a few days. The disruption it causes – across people, systems, and operations – often stays much longer.
What Human-Centric Security Really Looks Like
If attackers are targeting human behaviour, then security planning needs to reflect that. This means reducing the conditions that make mistakes more likely, and giving staff the tools and training they need to respond with confidence, even under pressure.
Good security builds safeguards into the routine. That includes clear escalation routes, multi-factor identity checks, and workflows that are designed to hold up under pressure. It also means recognising frontline teams as an active part of the defence – not as a liability to be worked around.
Building the right organisational culture for cyber security is vital. The National Cyber Security Centre (NCSC) has just launched their Cyber Security Culture Principles, describing “cultural conditions that are essential underpinnings for an organisation to be cyber secure”. These are:
- Frame cyber security as an enabler, supporting the organisation to achieve its goals
- Build the safety, trust and processes to encourage openness around security
- Embrace change to manage new threats and use new opportunities to improve resilience
- The organisation’s social norms promote secure behaviours
- Leaders take responsibility for the impact they have on security culture
- Provide well-maintained cyber security rules and guidelines, which are accessible and easy to understand
As the NCSC say, any efforts to improve the cyber security of an organisation will only ever be effective if they are supported by a culture that encourages and enables this improvement. This starts with leadership setting the tone and getting organisation-wide buy-in.
Developing the Capability to Prevent These Mistakes
When a cyber breach is traced back to human error, it’s easy to focus on the moment something went wrong. But the more useful question is: was that person ever properly equipped to make the right call?
Building internal capability is one of the most effective ways to reduce the likelihood of these moments. That means creating a workforce that doesn’t just know what phishing looks like, but understands why secure processes matter – and how to apply them under pressure.
At Baltic, our apprenticeship programmes are designed with this in mind:
Cyber-first IT Apprenticeships
Our IT training courses are designed to train cyber-conscious Technicians and Engineers who understand that every user interaction, system access request, and technical decision carries security implications. Cybersecurity awareness is built into every module of every programme, producing skilled IT specialists with ingrained cyber capabilities.
IT Support Technician
The Level 3 IT Support Technician apprenticeship embeds secure working practices into every aspect of technical support. Apprentices learn to identify threats early, maintain secure configurations, support cloud and remote systems safely, and troubleshoot with data protection front of mind.
Network Engineer
The Level 4 Network Engineer apprenticeship equips organisations to build secure-by-design infrastructure from within. Apprentices gain industry standard CompTIA Network+ and Security+ certifications, layered defence expertise, and the skills to manage risk across complex IT networks.
Where to Start – A Readiness Check
Human error will always be part of cybersecurity. But the scale of its impact is shaped by what happens before that moment – the structures in place, the training people receive, and the confidence they have to act securely under pressure.
For organisations looking to strengthen their frontline defences, the first step isn’t necessarily a new tool or platform. It’s a clear-eyed review of how well your current processes support your people when it counts.
Ask yourself:
- Do your support teams know how to verify identity under pressure?
- Are escalation routes easy to use, and clearly understood?
- Is your training tailored to real-world threats like impersonation, vishing, or credential abuse?
- Can your frontline staff act with confidence – or are they left to make judgment calls alone?
At Baltic, we offer a free Cyber-Readiness Consultation with our in-house cybersecurity coach, Michael Carrick. It’s a practical session that surfaces gaps in process, training, and preparedness – and identifies realistic steps you can take to reduce risk and strengthen response.
Whether you’re reviewing helpdesk protocols, planning your team’s development, or looking to build long-term cyber resilience, this session is a useful place to start.
Book a Cyber-Readiness Consultation
Want to reduce the risk of human error in your frontline support team?
Our free Cyber-Readiness Consultation is a focused, no-pressure session with Baltic’s in-house cybersecurity coach, Michael Carrick.
We’ll review your current support processes, identify areas of vulnerability, and recommend realistic steps to improve preparedness and reduce exposure.