£152 million cyber-crime bill sees firms with broad supply chains worst-hit

New research has revealed high-risk sectors for cyber-attacks. In particular, firms with extensive supply chains are the most at risk when facing losses of up to £152 million per year from hostile digital actors.

2025 has been a busy year for cyber security experts. Cyber-attacks on the Co-op and Jaguar Land Rover, among others, have resulted in substantial financial hits for leading businesses. Meanwhile, the rise of sophisticated attacks by criminal gangs has caused significant disruption, such as M&S, which had to suspend its online service for six weeks in April.

As the economy looks to get a grip on the crisis, research from Money.co.uk has identified the worst impacted sector. Working from data from the Department for Science, Innovation & Technology, the firm has estimated that businesses in the information or communications sector were most likely to have reported a breach in the last year, with 69% of organisations saying so. This was closely followed by the professional, scientific and technical cluster – at 55%.

Expanding on why this might be, the researchers suggested that businesses in the professional, scientific, or technical, and administration, real estate, finance, and utilities often deal with sensitive or valuable information, such as client data or financial details, which could make them more appealing targets for criminals. As a result, professional, scientific of technical firms also reported the highest cost – at an estimated annual £152 million.

Going into more detail, the researchers noted, “Professional and technical services may hold confidential project files, while financial services may store or process banking details. Real estate, utilities, and administrative firms often handle personal or payment data as part of their operations, leaving them vulnerable to scams such as phishing or invoice fraud.”

Proactive planning

Overall, 43% of surveyed businesses reported a cyber breach in the last 12 months. Looking ahead, with companies with extensive supply chain and outsourcing operations will most urgently need to identify gaps in their defences. The researchers noted that the more parties involved in a project, the more opportunities there are for hackers to exploit weak links in the supply chain. Even in an office setting, this is a key point – as administration and real estate rely heavily on digital invoicing and project management platforms. That dependency can create weak points, exposing firms to invoice fraud, phishing, and ransomware.

Explaining how firms can better protect themselves, Joe Phelan, Money.co.uk business bank accounts expert, commented, “Cyberattacks continue to pose a serious risk, particularly for smaller businesses, as the data shows average costs to micro and small firms have risen by more than 90% in the last 12 months. No business is too small or too large to be a target-all need to take steps to protect themselves against cyberattacks and plan for any incidents. That means building cyber awareness into everyday operations by prioritising measures like staff training, regular software updates, and early detection systems that flag unusual activity.”

Phelan added that it was also crucial to plan for the potential financial impact of an attack or being forced to close temporarily due to a threat. Proactive planning, both technically and financially, gives businesses the best chance of recovering quickly and “minimising the long-term impact of cyber breaches.”

“You can be better prepared to cover any unexpected costs or financial losses by building a financial buffer in a high-interest, instant-access business savings account. Having this financial safety net in place allows you to continue operating confidently and have a pot to draw on for investing in better cyber security over time as well. Using a dedicated business bank account also offers preventative protection. For example, many banks offer business accounts with built-in fraud prevention tools, such as Positive Pay controls, which verify outgoing checks against your company’s list of issued checks.”