In this contributed piece for DIGIT, Ian Davis, Head of Technical Sales at ScotlandIS member Kick ICT Group, explores how rising geopolitical tensions are intensifying cyber threats facing UK businesses, and why organisations must treat cyber risk as a constant rather than a crisis-driven concern.
By now, UK businesses are well aware of the impact global tensions can have. It feels almost impossible to scan the headlines without seeing another tariff dispute, escalating conflict or shift in global trade – each carrying its own implications for how businesses operate, plan and grow.
The latest flashpoint, tensions involving the US, Israel and Iran, is just one more reminder of how volatile today’s operating landscape is.
That volatility is being felt everywhere. From attacks on local data centres to an acceleration of cyber warfare across supply chains, risks that once felt distant now feel much closer to home. But, while recent events might have heightened awareness around such tactics, the threats themselves aren’t necessarily new.
Yes, Iran’s cyber capability is on full display at the moment. But these kinds of actors have been operating in the background for years. State-backed groups and organised cyber-criminals – from Russia to China and beyond – have long posed a threat to UK businesses, and it’s only growing.
The real danger now is not just the scale of that threat, but the misconception that it is temporary or tied to particular moments of geopolitical tension. Cyber risk does not rise and fall with the news cycle, and neither can our vigilance.
War or not, the cyber threat is high
Regardless of geopolitical tensions, cyber is considered the top business risk in the UK, according to Allianz Trade’s UK Risk Barometer 2026. Modern attacks like ransomware and distributed denial-of-service (DDoS) are on the rise, and their impact is far from small.
Take ransomware for instance. Over the last two years, global ransomware attacks have increased by 56%. If the average downtime after a ransomware incident is more than 21 days, and the average cost of unplanned downtime is now $14,000 per minute, then businesses are facing a pretty large bill if caught unprepared.
Similarly, DDoS attacks are at record levels. Often dismissed as short-term disruption, they are increasingly part of a broader strategy to overwhelm systems, mask other malicious activity and enable data theft or extortion. For businesses of any size, the consequences can be crippling.
In recent years, as organisations have transitioned from on-premises infrastructure to cloud and hybrid environments, cloud-related breaches have also become increasingly prevalent. This shift reflects a broader change in attacker behaviour, with cyber-criminals focusing on the most accessible systems and the highest concentrations of valuable data. With cloud platforms like Microsoft 365 fitting the bill perfectly, this is creating a significant security blind spot for UK businesses.
The Microsoft 365 blind spot
Widely adopted across the UK, Microsoft 365 is often assumed to provide inherent data protection – after all, your data is replicated across multiple data centres. However, this assumption rests on a critical misunderstanding: replication ensures availability, not recoverability. It does not protect against malicious activity, data corruption or even accidental deletion.
While Microsoft does provide robust infrastructure-level protections, including defences against threats such as DDoS attacks, responsibility for data protection ultimately lies with the customer. If data is altered, deleted or encrypted within the platform, it may not be recoverable, even if the service itself remains fully operational.
This gap between perceived and actual protection represents a considerable and often overlooked risk, leaving many organisations exposed to data loss despite operating within a highly resilient cloud environment.
What businesses should do to protect themselves
A layered approach to cyber security remains one of the most effective ways to combat attacks. That means measures such as strong passwords, multi-factor authentication (MFA) and firewalls. While these might sound basic, they are the first line of defence to keep attackers out.
However, in such a volatile landscape, businesses can’t rely on prevention alone. When defences are breached – and they will be – organisations must have absolute clarity over where their data resides and whether it can be dependably recovered.
That means implementing robust, air-gapped backup strategies, ensuring that critical data is regularly backed up and stored separately from the primary environment. It doesn’t matter whether that data sits on-premises or in the cloud. What matters is that it is isolated, secure and continuously monitored to withstand both accidental loss and malicious compromise.
While external factors may be beyond any organisation’s control, ongoing vigilance is not. In an environment where cyber risk is persistent rather than the occasional headline, the organisations that succeed will be those that continuously review vulnerabilities across their entire estate to close blind spots and keep their data fully protected.
Source: DIGIT