THE BIGGEST CYBERSECURITY RISKS BUSINESSES NEED TO PREPARE FOR IN 2026

A leading tech entrepreneur has shared his insights on the biggest cybersecurity risks facing British businesses in 2026.
Roy Shelton, CEO of Connectus Group, fears cybercriminals are “more professional and ruthless than ever” and warned: “International gangs work together to steal confidential data, defraud and blackmail. It’s important that businesses continue to prioritise cybersecurity and see it as an ongoing process.”
The warning comes in the wake of a string of high-profile incidents in 2025.
Marks and Spencer, the Co-op and Jaguar Land Rover are amongst the most recent victims of cyber attacks. But cybercriminals target companies of any size.
Last year alone, 43% of UK businesses reported experiencing a cyber security breach. Estimates suggest this cost the UK a combined £14.7 billion.
Here Roy outlines the six areas he thinks businesses need to prepare for the most.
1. AI
“A recent study shows that AI generated attacks were the biggest concern for small and medium enterprises (SMEs) in 2025.
Cyber criminals are using AI to impersonate employees through phishing emails, fake websites and even video calls. They use information found online or from social media to mimic writing styles and speech patterns.
These convincing deep-fakes can trick employees into sharing confidential information and making unauthorised payments.
Poor spelling, unusual formatting and lack of personalisation used to be telltales of phishing emails. But now cybercriminals can harness AI to make emails and calls which are almost indistinguishable from legitimate ones.
That said, AI can also be used as a cybersecurity defence for spotting early indicators of attacks. So be aware of the pros and the cons.”
2. Malware
“Malicious software is a form of cyber attack where devices and IT infrastructures become locked or unusable to their owner.
Ransomware is a type of malware where cybercriminals take control and demand payment. Usually, cybercriminals have stolen, deleted or encrypted data from an IT infrastructure.
Businesses may be unable to function without access to crucial information. Lost trading days can make a big dent in profits.
But cybercriminal threats to sell confidential information on the dark web can seriously damage customer trust in the long-term.
There’s never a guarantee that criminals will uphold their end of the bargain if businesses do pay up. Be on your guard in 2026.”
3. Changing work practices
“In the post-Covid-19 world, more businesses have adapted to remote working. But this means employees are increasingly using personal devices with weaker cybersecurity defences.
Businesses may also rely on cloud providers to store and grant employees access to confidential information from different locations. Cloud mismanagement, such as insufficient protection against sensitive files or ignoring updates, can leave entire company networks vulnerable to cyber attacks.”
4. Impersonation token attacks
“Many businesses have adopted multi-factor authentication (MFA) to bolster their security systems. But many cybercriminals can now intercept smartphone apps which provide the one-time passcodes.
Businesses can combat these threats by stipulating access conditions, for example restricting MFA to specific devices and locations.”
5. Insider threats
“Employees, contractors and former staff with authorised access to sensitive data and networks may be the cause of a cybersecurity breach, whether accidental or malicious.
Aggrieved employees may share company information intentionally, but careless mistakes are much more commonplace.
That’s where staff training and awareness is crucial. Business leaders need to give their employees the tools to follow company protocol and spot potential attacks, like AI-assisted impersonation.”
6. Complacency
Ironically this is often overlooked! We can’t live in denial that cyber attacks are a constant risk. The defence tactics that worked a few months ago probably won’t now. Criminals work around the clock to break through the most sophisticated systems.
Improvements to cybersecurity should never lead to complacency. Zero-day vulnerabilities are undiscovered cybersecurity flaws which, once capitalised on by attackers, give businesses little time to prepare effective responses.
In fact, a lack of cybersecurity issues flagged suggests they’ve simply gone undetected.
Any business is a risk, regardless of size. Often smaller companies will be targeted by cybercriminals because they’ve invested less in cybersecurity, or because they offer a gateway to bigger business partners in the supply chain.