The Escalating Cybersecurity Crisis: Why Boards and Businesses Must Take Action Now

In a world that is becoming ever more reliant on digital technology, the rate of cyberattacks is growing at an alarming pace.


In a world that is becoming ever more reliant on digital technology, the rate of cyberattacks is growing at an alarming pace. According to a 2023 report from Savanti, a leading UK cybersecurity consultancy, global cyberattacks increased by 38% in 2022 compared to the previous year1. Businesses in the UK alone reported 2.4 million instances of cybercrime within a 12-month span2. These figures are more than mere statistics—they serve as an urgent call to action for businesses and their governing boards.

The Real Cost of Ignorance

Ignoring the cybersecurity landscape comes with hefty repercussions. Cybersecurity Ventures, a research firm, estimates that by 2025, the annual global damage cost due to cybercrime could reach an astronomical £8.4 trillion3. To put this into context, if cybercrime were a nation, its economy would be third-largest in the world, trailing only the United States and China. The financial risks are simply too high for companies to overlook.

Understanding the Threat Landscape: ENISA’s Cybersecurity Threat Landscape Report

One of the most authoritative sources outlining the escalating concerns in cybersecurity is the Cybersecurity Threat Landscape report by ENISA, the European Union Agency for Cybersecurity. Published in 2020, the report details a number of alarming trends that businesses should be aware of. It highlights how malware has become increasingly sophisticated, targeting not just large corporations but also small to medium-sized enterprises. The ENISA report also mentions the vulnerability of critical infrastructure, a concern that has only magnified with the growth of the Internet of Things (IoT).

Moreover, ENISA’s findings underscore the cybersecurity implications of remote work—a trend that has become a permanent fixture for many businesses. With a distributed workforce, the points of potential failure multiply, thereby increasing the complexity of managing cybersecurity protocols across different environments.

The Board’s Role in Cybersecurity Governance

Despite the mounting threats, many board members find themselves ill-prepared to navigate the risks associated with cybersecurity. A report from Savanti reveals that 59% of directors feel their boards are not effective at understanding cybersecurity risks4. Nonetheless, evidence suggests that companies with informed and engaged boards perform better financially, winning more clients, gaining investor confidence, and maintaining shareholder value even through significant business changes like mergers and acquisitions.

Why Boards Struggle

Board members often find the technical jargon of cybersecurity intimidating. Additionally, there’s a general apprehension about revealing their lack of understanding when consulting experts, such as the Chief Information Security Officer (CISO).

Immediate Actions and Long-Term Strategy

What Boards Can and Should Do

  1. Appoint Cybersecurity Experts: Boards must include at least one member with a robust cybersecurity background.
  2. Quarterly Reviews: Cybersecurity should be a standing agenda item, discussed in-depth at least quarterly.
  3. Consult IT Support and Managed Services: Boards should actively consult their IT departments and managed service providers for expert advice and system audits.

Long-Term Strategy

  1. Education: Ongoing training sessions for all board members on the basics of cybersecurity.
  2. Incident Response Plans: Develop comprehensive emergency response strategies for various types of cyber incidents.
  3. Compliance and Reporting: Prepare for tightening cybersecurity regulations by staying compliant with existing laws and being transparent in cybersecurity reporting.

Role of IT Support and Managed Service Providers

As a leading IT Support and Managed Service Provider based in Liverpool, we offer a range of services designed to help businesses tackle these challenges. From 24/7 monitoring to employee training and compliance audits, we act as your full-service cybersecurity partner.

Regulatory Landscape

The regulatory environment around cybersecurity is becoming increasingly stringent. In the United States, the Securities and Exchange Commission (SEC) has enacted rules requiring companies to disclose cybersecurity breaches within a four-day window if they affect the company’s bottom line 5. It’s reasonable to expect that the UK and the EU will soon introduce similar, if not more stringent, regulations.


Ignoring cybersecurity is not just risky—it’s potentially ruinous. Boards must rise to the occasion and treat cybersecurity with the urgency it deserves. In a digital-first world, a robust cybersecurity posture isn’t optional; it’s a necessity that offers a significant competitive advantage. With the cyber threats becoming increasingly complex and destructive, the time for action is now.

  1. “Effective Board Governance of Cyber Security: A Source of Competitive Advantage,” Savanti, 2023.
  2. Ibid.
  3. “The Cost of Cybercrime to Businesses,” Cybersecurity Ventures, 2023.
  4. “Effective Board Governance of Cyber Security: A Source of Competitive Advantage,” Savanti, 2023.
  5. U.S. Securities and Exchange Commission Cybersecurity Disclosure Rules, 2023.

Get in touch today to see how we can help keep your business safe: Contact Us


< Back to all news