Jeremy Samide, CEO, Blackwired, looks at why cybersecurity must be prioritised in the same way as physical security in embracing a new era of threats
Fuelled by the artificial intelligence (AI) capabilities of cyber adversaries, we are seeing exponential growth in cyber-attacks. According to the UK’s National Cyber Security Centre (NCSC) there was a sharp increase from 89 to 204 “nationally significant” cyber-attacks in the 12 months to August 2025. Separately, a UK government survey found that while the overall percentage of businesses experiencing any breach decreased slightly, the prevalence of cyber-attacks remains high for medium (67%) and large businesses (74%).
The impact of these recent breaches in the UK have highlighted the extent to which the UK and the West are woefully unprepared for cyber-attacks.
Despite the increasing sophistication and frequency of digital threats, Governments across the West remain painfully slow to act when it comes to enacting cyber policy that protects both critical industries and the privacy of citizens. Recent attacks on major high street retailers including Marks & Spencer, airports and at Jaguar Land Rover (JLR) are just another clear indication that negligence is warfare, and in today’s hyperconnected world, inaction is not a neutral stance, it’s an open invitation.
The Marks & Spencer and JLR incidents in particular underscore how deeply vulnerable even the most iconic companies remain and that nobody is immune. It also reveals a lack of coordination between public and private sectors when responding to breaches. Cybersecurity cannot be reactive; it must evolve into an anticipatory discipline supported by intelligence-led decision making. The Government needs to hunker down and get serious about how it plans to hold organisations, and the boards which run them, accountable for their actions, or lack thereof, when it comes to cyber resilience and protection.
There was a time, not long ago, when no excuse would fly in the eyes of shareholders or consumers after a breach. Yet today, cyberattacks have become almost a rite of passage; a routine crisis that companies simply factor into their risk models. That normalisation is both troubling and dangerous. What was once an emergency response is now treated as an inevitable operational hiccup. This complacency not only leaves national infrastructure vulnerable to cyber criminals but diminishes public trust in both private institutions and government authorities.
Cybersecurity cannot be reduced to box-ticking exercises or compliance reports. It is about continuous, proactive awareness, being fully invested in it as a critical discipline and part of an organisation’s DNA, and the mindset that protecting the digital vault, the data, systems, and trust that underpin modern business, is a matter of survival. True resilience requires layered defences, real-time threat intelligence sharing, and a culture that views cybersecurity as a strategic imperative, not an afterthought.
Governments, too, must confront uncomfortable truths. Critical national infrastructure, including energy grids, transportation systems, healthcare networks and more recently, data centres, is vulnerable to coordinated cyber campaigns that could cripple essential services overnight. The private sector cannot shoulder this burden alone. Clearer regulations, mandatory reporting standards, and stronger international cooperation are essential. Cyber defence must be treated as a collective responsibility, not a competitive disadvantage.
Organisations must get out of their own way, take the gloves off, and adopt a “defend forward” posture. Until the West treats cyber defence with the same urgency as physical defence, it will remain at the mercy of unseen adversaries, and the next JLR-style crisis is only a matter of time. Cybersecurity is not just a technical challenge; it is a national security imperative, and the stakes are only getting higher as digital dependency deepens across every sector.
