93% of UK businesses have experienced a business-critical cyber incident, yet they are 21% less likely to have a dedicated environment in which to recover

READING, England, Aug. 19, 2025 /PRNewswire/ -- New research by Commvault, a leading provider of cyber resilience and data protection solutions for the hybrid cloud, in collaboration with research firm GigaOm, has revealed that the UK experiences a higher rate of critical cyber incidents than any other country. A cyber incident can be defined as an event or series of events that negatively affects the security of data systems or digital information within an organisation, including a security breach or ransomware attack.

Only 7% of the UK businesses surveyed report never having experienced a "business-critical" incident, compared to 14% of the rest of the world. This means that a staggering 93% of UK businesses have experienced a business-critical incident, of which 57% occurred in the past 18 months.

Despite experiencing more frequent devastating incidents than the global average, UK organisations are falling behind when it comes to their readiness to react and recover from cyberattacks. According to the research, they are 21% less likely to have deployed a dedicated recovery environment, and 11% less likely to have tested their recovery plans within the last month compared to the other countries - two aspects of a recovery plan that are widely considered to be fundamental.

Barriers to Being a Minimum Viability Company
The survey also highlights key findings tied to the Minimum Viability Company (MVC) concept. This concept outlines the core operations that are necessary to resume business quickly after a cyberattack. In an age where cybercriminals are increasingly sophisticated, infiltrating backups with malware, or planting dormant ransomware that activates after restoration, this approach is fundamental to operating in a state of continuous business.

Survey respondents stated that the biggest challenge preventing UK businesses from achieving minimum viability is the complexity of existing systems and applications (52%), followed closely by the struggle to keep recovery plans in line with changing business needs (47%).

Almost a third (30%) cited difficulties separating 'core' systems from less business-critical, 'broader' operations as another primary barrier to implementing the MVC concept.

However, nearly two-thirds of UK businesses have laid some foundational steps in their efforts to be resilient against attacks, with 65% having an inventory of business-critical systems and dependencies and 61% creating defined runbooks, roles, and processes for incident responses. This is ahead of the global averages of 50% and 41%, respectively. This suggests that while UK businesses are investing time and resources into incident response preparations, that is not translating into real-world recovery readiness.

Many of these cyber readiness practices are directly relevant to establishing what's needed to adopt a MVC approach. Yet only 36% of UK organisations strongly believe that they should prioritise the minimum viability approach.

"With the threat landscape evolving, business recovery is now a key concern at the board level," said Richard Gadd, Senior Vice President, EMEA, Commvault. "However, this research identifies critical gaps many organisations in the UK face as they rapidly try to advance their cyber resilience strategies. Having a tested recovery plan in place and a dedicated recovery environment in the cloud can make all the difference between chaos and continuous business."

"Business-scale cyberattacks are now the norm, not the exception. If complexity is killing efforts to prepare for recovery, executive leaders need to assume control and set business-level priorities, so they can keep the organisation running after an attack," said Howard Holton, Chief Operating Officer, GigaOm.

Methodology
GigaOm surveys serve to test hypotheses about a given topic area. In this survey, we looked to explore how enterprise organisations are approaching recovery, and the barriers and enablers that impact success. 1,000 senior decision makers responded to the survey, directly involved in defining, buying, or using application acceleration solutions. The sample of UK respondents was 100. Respondents came from a cross-section of industries without limitation, from companies with 1,000-plus employees across the globe.

About Commvault
Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience, helping more than 100,000 organisations keep data safe and businesses resilient and moving forward. Today, Commvault offers the only cyber resilience platform that combines the best data security and rapid recovery at enterprise scale across any workload, anywhere—at the lowest TCO.

View original content to download multimedia:https://www.prnewswire.com/news-releases/uk-businesses-more-exposed-to-major-cyber-incidents-than-any-other-country-according-to-new-research-by-commvault-302532721.html

SOURCE COMMVAULT