Cyber defence and supply chain risk – what businesses need to know

Over the past year, significant UK cyberattacks rose by 129%, with the National Cyber Security Centre (NCSC) now managing around four major incidents each week.[1] Could a large-scale attack put your business at risk?

As it stands, cyber risk affects every level of society, from governments protecting essential services, to businesses navigating fluctuating markets and supply chain delays, through to organisations fighting to keep their operations running. These high stakes are evident in recent large-scale cyberattacks.

Real-world impact

Following the 2025 M&S cyberattack, the retailer’s market capitalisation fell by around £1 billion, and customer data was allegedly stolen. This has resulted in collective legal action as people look for compensation for their lost data.[2]

Last year, Jaguar Land Rover also reported a £485 million pre‑tax loss for the quarter versus a £398 million profit a year earlier, after being forced to shut down networks and halt highly automated‑ production lines for weeks.[3] This event has widely described as the costliest cyberattack in UK history, with an estimated £1.9 billion economic impact and considerable supply chain disruption.[4]

Neil D’Mello, Everywhen’s Client Director (South Division) comments: “One of the biggest issues to come out of these attacks was how the supply chain – particularly SMEs – were impacted. When something of this scale occurs, having the right advice and protection in place is key to preventing and mitigating losses."

What’s being done about cybercrime?

As the frequency and severity of cyberattacks rise, so does the government’s determination to tackle them. In their latest defensive move, they have announced that they are launching new measures to ‘make public services more secure and resilient’ with a dedicated Cyber Action Plan, allowing people to use these services safely and securely.[5]

What’s changing?

For their new Cyber Action Plan, the UK government has committed £210 million to strengthen public services against cyber threats.
At its core, this will consist of a new Government Cyber Unit, setting mandatory cybersecurity standards, coordinating incident response, and providing expert support across departments, local authorities, and health services. The plan also introduces measures to secure supply chains and improve detection and recovery capabilities, ensuring essential services remain safe and reliable.

When will it roll out?

The plan has already started and will progress in three phases from now to 2029. In phase one, by March 2027, they will focus on governance and minimum standards. Phase two will see implementation scale up with enhanced tools, threat monitoring, and workforce development. From 2029 onward, phase three will drive continuous improvement, aiming to build stronger supplier resilience and embedding cyber skills across the public sector.[6]

Ultimately, this plan sets a new overall standard for security and accountability, raising expectations for every organisation connected to government services.

Where Everywhen comes in

Cyber Insurance solutions can usually provide the below, however please refer to your appointed broker for full details of your tailored coverage:

Threat alerts and proactive insight
Access to cyber security tools and expert advice
Cover for legal defence, PR costs, loss or damage, and business interruption

Neil notes: “These types of cyber outages can break a business, even when they’re not the initial target. Cyber policies that include legal defence, PR and interruption cover aren’t optional, they an essential part of a rounded defence strategy.”

Ready to protect your business?

Talk to us today about how cyber cover can help you stay ahead of evolving threats. Click here to find out more.

Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement, in the case of specific problems, we recommend that professional advice be sought.

Diane Caplehorn

Head of Partnerships – Direct

About Diane

Diane is a respected industry leader with over 25 years' experience within the insurance sector. She works across a wide spectrum of insurance products and policy development, delivery and optimisation for health and beauty, professional risks and martial arts clients, including managing partner relationships helping clients in protecting their businesses. Her areas of expertise within the sector include Micro-SME, Medical Charities.

Diane currently works at Everywhen as Head of Product – Direct. Everywhen combines regional care with national reach, deep sector knowledge and strong insurer relationships to deliver tailored solutions across 55+ schemes. We help our clients navigate everyday and emerging risks with confidence, always and at all times.

She previously worked for 14 years at Gallagher’s as Executive Director.

Sources

[1] UK experiencing four 'nationally significant' cyber attacks every week - NCSC.GOV.UK

[2] techradar.com/pro/security/m-and-s-hack-may-have-been-caused-by-security-issues-at-indian-it-giant-tata-consultancy-services

[3] https://www.bbc.co.uk/news/articles/ckg1w255gy1o

[4] Cyber attack on Jaguar Land Rover 'most financially damaging' in UK history, experts say | Money News | Sky News

[5] New cyber action plan to tackle threats and strengthen public services - GOV.UK

[6] Government Cyber Action Plan