
Building true cyber-resilience in 2025

The cyber threat environment is changing, with attacks quicker, more sophisticated and at a larger scale than ever before

Published: 10/09/2025

In our latest Insights article, Commercial’s Technical Services Director, Tom Yoxall, explores how businesses need to move beyond defence to build lasting cyber resilience.

By Tom Yoxall, Commercial’s Technical Services Director

Last year, I wrote about the need to change the narrative around cyber-attacks, to remove the stigma and start preparing for the inevitable. A lot has changed since then.

In 2025, the threat landscape is more complex than ever. Cyber-attacks are faster, smarter, and more targeted. Businesses are under constant pressure to not only prevent these threats but to recover quickly when defences are breached.

We’re seeing a positive shift: More businesses talking openly, investing sensibly, and accepting that attacks happen – even to well-prepared organisations. But it’s not enough to focus on protection alone. Now, the real differentiator is resilience: the ability to withstand, respond to, and recover from attacks without major disruption.

This article explores how to build that resilience, not with fear, but with strategy, structure, and confidence.

% of UK businesses have experienced a cyber attack or breach in the last 12 months
% of UK businesses have experienced a phishing attack in the last 12 months
% of those businesses said the breach had led to a negative outcome such as loss of data

2025: A NEW ERA OF CYBER THREATS

The cyber threat environment in 2025 is defined by speed, sophistication, and scale.

Ransomware-as-a-Service has industrialised attacks, making them more frequent and more damaging. Law enforcement action, albeit for the right reasons, has caused ransomware groups to go it alone and has brought more unpredictability to how they operate. And supply chain breaches, once rare, are now a regular entry point, with third-party tools and services often proving to be the weak link.

According to the latest UK Government Cyber Security Breaches Survey, 413% of UK businesses experienced at least one attack in the past year. For many, this is no longer a one-off crisis, it’s an ongoing challenge.

In short, protection alone isn’t enough. Businesses must be able to respond effectively, recover quickly, and ensure continuity, even in the face of disruption.

What Cyber Resilience Really Looks Like

Cyber resilience is not about aiming for an impenetrable defence. It’s about having the capability to operate, and recover, when something goes wrong.

It involves early detection, rapid containment, and the ability to maintain critical services under pressure. But perhaps most importantly, it requires a clear, rehearsed, and regularly updated plan for how to respond.

 

Tom’s current Cyber Security Playbook

Five Pillars of Resilience

Just like in the article I wrote one year ago, I wanted to be able to share my advice in some bite-sized chunks.

The best-prepared organisations understand that resilience is not a project or a one-off investment. It’s an evolving capability, one that combines the right technology, clear processes, and a culture that supports quick and coordinated action.

So, drawing on what I have learned from working closely with our clients and on my recent experience supporting recovery efforts across the UK, these are the areas I believe make the biggest difference.

Assume breach, and build accordingly

The shift from prevention to preparedness begins with accepting that a breach is not a possibility, it’s an eventuality.

That shift changes how you structure your network, protect your data, and prioritise your response. It means investing in monitoring and detection tools that can pick up on subtle signs of compromise. It means isolating key systems to limit lateral movement during an attack. And it means encrypting critical data so that, even if it’s accessed, it cannot be exploited.

Resilient organisations design their environments not to avoid disruption entirely, but to minimise the blast radius and bounce back quickly.

Air-gapped and immutable backups are non-negotiable

One of the most consistent failings I see is the absence of properly protected backups.

It’s not uncommon for attackers to target backups first, encrypting or deleting them to remove your recovery options.

That’s why offsite, air-gapped, and immutable backups are essential. These provide an untouched, unalterable copy of your data, stored safely away from your primary environment.

In many of the most serious cases I’ve supported, these backups were the only viable path to recovery, allowing organisations to restore operations without negotiating with criminals.

Practice makes prepared: Test your response plans

A common weakness in otherwise well-prepared organisations is having detailed plans but not embedding them across the business.

Incident response plans, ransomware playbooks, and security alert triage procedures are all vital, but they are only useful if everyone knows how to use them. Plans that sit in a folder, untouched for months, will not help you in a live incident.

We regularly run simulations with clients, from ransomware scenarios to phishing outbreaks, to test their response in real time. These exercises are incredibly effective at highlighting gaps in knowledge, ownership, and escalation paths. More importantly, they build confidence and speed.

When the worst happens, you don’t want a meeting, you want a rehearsed, automatic response.

Know your environment: What's critical and why

One of the biggest obstacles to effective response is a lack of clarity about what really matters.

In the middle of a breach, you don’t want to be debating which systems need restoring first, or where critical data is stored. That needs to be mapped out well in advance.

This is where Business Impact Assessments (BIAs) make a real difference. They help define which systems and services are essential for your business to operate, which are less critical, and in what order they should be recovered. This feeds directly into your disaster recovery plans and keeps technical teams aligned with business priorities, not boardroom assumptions.

If your teams don’t know what matters most, they can’t protect it properly, and they certainly can’t restore it quickly under pressure.
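To show how a BIA feeds a disaster recovery plan in practice, here is an added illustration (not code from the article or from Commercial) that takes a constructed BIA inventory, with a criticality tier and the systems each one depends on, and produces a restore order that honours dependencies first and criticality second, refusing to plan when the inventory contains a dependency cycle. The system names and tiers are assumed sample values.

```python
"""Recovery sequencing from a Business Impact Assessment (BIA).

Added illustration with a constructed inventory. Each system carries a
criticality tier (1 = most critical) and the systems it needs running
first. A cycle in those dependencies is a BIA error: better found in a
planning review than in the middle of an incident.
"""

# Constructed BIA inventory: system -> (tier, list of dependencies)
BIA = {
    "active_directory": (1, []),
    "core_network":     (1, []),
    "erp_db":           (1, ["core_network"]),
    "erp":              (1, ["active_directory", "core_network", "erp_db"]),
    "email":            (2, ["active_directory", "core_network"]),
    "file_server":      (2, ["active_directory"]),
    "intranet":         (3, ["file_server"]),
    "marketing_site":   (3, []),
}


def recovery_order(bia):
    """Return systems in restore order: a system is only scheduled once
    everything it depends on is scheduled; among systems that are ready,
    the most critical tier goes first (name breaks ties for determinism).
    Raises ValueError for an unknown dependency or a dependency cycle."""
    for name, (_, deps) in bia.items():
        for dep in deps:
            if dep not in bia:
                raise ValueError(f"{name} depends on unknown system {dep}")
    remaining = {name: set(deps) for name, (_, deps) in bia.items()}
    order = []
    while remaining:
        ready = [name for name, deps in remaining.items() if not deps]
        if not ready:  # every remaining system still waits on another one
            raise ValueError("dependency cycle among: " + ", ".join(sorted(remaining)))
        ready.sort(key=lambda name: (bia[name][0], name))
        chosen = ready[0]
        order.append(chosen)
        del remaining[chosen]
        for deps in remaining.values():  # dependants are now one step closer
            deps.discard(chosen)
    return order


if __name__ == "__main__":
    for position, system in enumerate(recovery_order(BIA), start=1):
        print(f"{position}. {system} (tier {BIA[system][0]})")
```

Note that the ERP database is restored before the ERP application even though both are tier 1: the dependency, not the tier label, decides the sequence, which is exactly the kind of detail a BIA should settle in advance.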

Build and foster a culture that champions cyber resilience

Technology and strategy are essential, but people remain your most important line of defence.

Resilient businesses invest in awareness, training, and culture. They make it safe to report mistakes or suspicious behaviour.

They treat security as everyone’s job, not just IT’s. And they back that up with support from leadership.

We’ve seen that when leadership visibly supports security, not just from a compliance perspective, but as a core business function, it unlocks engagement at every level.

Resilience is a mindset. It’s built on ownership, communication, and preparation.

And it only works when everyone plays their part.

Cyber Resilience Is Now a Strategic Advantage

Resilience is no longer just about avoiding damage; it’s a driver of competitive advantage.

The businesses that are prepared recover faster, suffer fewer long-term impacts, and inspire more trust from customers and partners alike. They are better equipped to respond to regulatory change, better positioned to avoid reputational harm, and more likely to retain clients after a breach.

In short: In a world of constant cyber threats, resilience is your greatest asset.

So, Let’s Turn the Tide, Together

The last 12 months have seen real progress. There’s more honesty, more openness, and more action. But we still have work to do.

The conversation is shifting, from fear to facts, from stigma to strategy. The next step is to turn awareness into action and build real, measurable resilience into every layer of your business.

At Commercial, we’re ready to help. Whether that means reviewing your current cyber posture, running a simulation, or ensuring you have best-in-class technology, we’ll meet you where you are and support you every step of the way.

Let’s not wait for the next attack to find out if we’re ready. Let’s turn the tide, together.
