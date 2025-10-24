Sign up to our Business newsletter Sign up Thank you for signing up! Did you know with a Digital subscription to Yorkshire Post, you can get access to all of our premium content, as well as benefiting from fewer ads, loyalty rewards and much more. Subscription Offers Sorry, there seem to be some issues. Please try again later. Submitting...

The scale of such attacks has severely weakened some businesses, affecting supply chains and sales functions, while compromising critical data sources.

These cyber attacks are a stark reminder of the size of the threat facing businesses, and the impact cyber attacks can have. Attacks come from many sources – from organised crime to terrorists, and ‘hacktivists’ to hostile states – while coming in various forms, with ransomware, phishing, spoofing and man-in-the-middle attacks on the list of growing tactics.

The risks facing organisations in the region have never been greater and those risks are not exclusive to the big-name brands that dominate the front pages. In fact, according to a survey we conducted, nearly a third (32 per cent) of businesses admit to having been the target of more than one cyber attack during a 12-month period.

Helen Tringham shares her expert insight

Economic pressures have understandably led to a drop in crucial investment, leaving technology, IT security and compliance activity exposed to such attacks. What’s more, the seismic shift in how we operate as businesses has highlighted vulnerabilities, with a more remote workforce leaning on Cloud Computing and Software as a Service solutions more than ever.

It’s clear: now is not the time for complacency. But what are the biggest pitfalls facing Yorkshire businesses? One of the main areas of risk is that third parties, who often supply business critical functions, may not have adequate security in place to prevent a cyber attack happening to the organisation.

Organisations often wrongly assume that the third party, whose system caused the cyber attack, should be responsible for the cyber attack. The Information Commissioner’s Office has firmly stated that this isn’t the case, after slapping Ticketmaster with a £1.25 million fine for that very assumption.

The truth is that organisations must invest and take ultimate responsibility for their customers’ and employees personal information and data regardless of how many third parties support the organisation in that process – it’s a primary responsibility and one that has to be done right.

Issues can also arise from inappropriate data handling and a lack of respect for UK/EU GDPR – whether that’s storing data for longer than needed, or storing information that’s not needed at all. In addition, a lack of appropriate training or knowledge of the risks can create a real gap in corporate defences that cyber criminals will exploit; what’s more, poor data governance, inappropriate technical security and third-party access to systems, can catch businesses out.

The best way to ensure best practice is to embed GDPR compliance and security risk as business-critical issues, not just IT concerns. As with any critical function, ensuring an appropriate response requires clear ownership, cross-functional collaboration, and accountability across teams.

As recent cyber attacks serve to show, now is the time for heightened readiness, to review and strengthen preventative measures, and to stress test responses. No organisation, however large or small, can ignore the risks that cyber attacks bring.

A reactive approach will only yield limited results. A proactive stance that bakes incyber protection right from the procurement stage, through to ongoing systematic monitoring of arrangements, with a pre-built plan of responses, is always going to be the best way forward.