October marks Cyber Security Awareness Month, a time to reflect on how much our work and personal lives depend on digital systems, and how vital it is to keep them secure.
To raise awareness of cyber security, we're launching a three-part blog series to help you understand the importance of cybersecurity, recognise common threats, and take practical steps to stay safe online.
Just as we train teams to recognise physical hazards in the workplace, we must also learn to identify and prevent digital risks. Cyber threats don't just target big tech companies; they can affect any business, large or small, especially those that rely on online systems, email, or digital data.
In 2025, digital safety is no longer optional. Every business holds sensitive information. Whether it's client details, training records, or financial data, that information is valuable to cybercriminals.
According to the UK Government’s 2025 Cyber Security Breaches Survey, 43% of UK businesses experienced some form of cyberattack or data breach in the past year. That figure rises to over 70% for medium-sized organisations. The most common threats include phishing emails, ransomware, and unauthorised access, many of which begin with a simple human mistake.
While this shows progress compared to previous years, it highlights a key truth: cyberattacks remain one of the most consistent risks to UK businesses.
Cybersecurity breaches aren't just technical incidents; they have real-world impacts that affect operations, finances, and customer trust.
In April 2025, Marks & Spencer (M&S) suffered a ransomware attack, which affected online orders, app services, and click-and-collect operations. Hackers gained access via a third-party contractor using social engineering tactics, including SIM swapping. M&S did not pay a ransom, but the attack caused weeks of operational disruption, empty shelves in some stores, and delayed service restoration. The company estimated the financial impact at around £300 million, and personal customer data such as names, contact details, and order histories were accessed.
In late 2024, a Scottish nursery was hit by a cyber incident that exposed sensitive information belonging to children, parents, and staff. Hackers gained unauthorised access to the nursery’s internal systems after staff members were targeted with phishing emails, tricking them into revealing their login credentials. The breach resulted in the leak of personal details including names, addresses, emergency contacts, and in some cases, health or allergy information.
Cyber security isn't just best practice; it’s a legal obligation. Under the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018, businesses must take “appropriate technical and organisational measures” to protect personal data.
That means ensuring information is processed securely, access is controlled, and staff are trained to handle data responsibly. A failure to do so can lead to financial penalties and lasting reputational harm.
The National Cyber Security Centre (NCSC) also recommends following core cybersecurity design principles, such as understanding your context, making compromise difficult, and planning for incident response. These steps don’t just satisfy compliance; they strengthen your overall resilience.
Technology alone can't solve the problem. The majority of breaches stem from human error: clicking a suspicious link, sharing login details, or failing to update software. That's why awareness is your first line of defence.
Just as you train staff to spot trip hazards or follow safety procedures, cyber awareness training helps teams identify warning signs, handle data responsibly, and react appropriately when something seems suspicious.
Encouraging open communication is also key. Employees should feel comfortable reporting mistakes or concerns without fear, because quick reporting can prevent a small issue from becoming a major breach.
This post sets the scene for our Cyber Security Awareness Month blog series. Over the coming weeks, we'll be diving deeper into:
Our aim is simple: to make cybersecurity understandable, approachable, and part of your everyday safety culture.
At Raeburn Training, we believe safety is holistic. Whether it’s protecting people from physical harm or safeguarding sensitive data from digital threats, awareness and prevention go hand in hand.
By understanding why cybersecurity matters, and taking responsibility for it, every organisation can create a safer, more secure future.



