New research from Elixirr: 94% of leaders say they’re cyber-ready – but consumers remain unconvinced

Our latest research reveals that UK business leaders are projecting confidence in their cyber readiness even as a succession of high‑profile incidents keeps data protection on the front pages. The data shows that whilst most UK business leaders (94%) feel confident in their organisation’s ability to detect and respond to a data breach or cyberattack, there is clearly a stark disconnect between boardroom assurance and public concern over data protection.

Against this backdrop of escalating attack sophistication, with recent cyber attacks debilitating large British businesses including M&S and Jaguar Land Rover, consumers increasingly judge brands not only on whether incidents occur, but on the speed, transparency and credibility of the response. While cybersecurity and data protection emerged as the leading trust challenges for UK business leaders, too many organisations are still underestimating the trust implications of failing to communicate clearly about their resilience.

Sector blind spots intensify the risk. Science, technology and research leaders are most alert to the issue, with 43% flagging cybersecurity and 42% data privacy as urgent trust challenges. Financial and business services follow at 37% and 36% respectively. By contrast, 86% of hospitality leaders do not see cybersecurity as a key trust issue, instead prioritising brand reputation (39%) and employee trust and morale (36%) – a troubling gap for an increasingly vulnerable sector built on guest data, payments and loyalty programmes.

Joe Hubback, Partner and CISO at Elixirr, says, “Board confidence matters, but consumer confidence must match this if companies hope to build trust and solid brand reputation. The brands that win will be those that can show, clearly and quickly, that they can detect, contain and communicate regarding any potential cybersecurity issues. As the global threat landscape becomes more sophisticated and attacks become more commonplace, business leaders must focus on closing this trust gap through action and evidence. Confidence is convincing only when it’s visible.”

With this trust increasingly won or lost in how businesses prevent and disclose cyber incidents, worryingly fewer than half of organisations have prioritised CEO and C‑suite‑led transparency during disruption (45%) – the period during and after a cyber incident when transparency, speed and credibility matter most – and over two‑thirds (68%) lack real‑time resilience dashboards for boards and executives. Two‑way channels that let customers ask questions and get straight answers remain underused as well, with just 37% prioritising them. The consequence is a mismatch between confident internal narratives and the external proof customers and stakeholders now expect.

UK business leaders must align confidence with measurable performance indicators that matter and make transparent two‑way communication a core capability of the cyber playbook. With consumers demanding proof and oversight intensifying, the organisations that design trust into their cyber resilience will protect both performance and reputation.

Joe Hubback continues,

“A key underpinning to all of this is making sure that business leaders are supporting their cyber teams and helping them prioritise on what to protect. Cybersecurity has decisively moved from an IT issue to a resilience and reputation mandate and businesses must build strong cyber foundations which allow them to pull on their cyber capabilities and integrate cyber resilience in all aspects of the business rather than fire-fighting when the damage has already been done. 

“With 94% confident in their cyber capabilities, business leaders need to make sure this confidence isn’t misplaced. Alongside making sure cybersecurity is championed and backed across the business, they also need to make sure that an over-confidence isn’t challenging the role of the CISO. When boards underestimate the challenge, it makes it harder for CISOs to secure budget, influence and support to reduce risk effectively. Leaders need to identify any internal misalignment and ensure they are backing their security teams in decision-making.”

Methodology

This online survey of 1000 UK business decision makers was commissioned by Clarity and conducted by market research company OnePoll, in accordance with the Market Research Society’s code of conduct. Data was collected between [06/09/2025] and [11/09/2025]. All participants are double-opted in to take part in research and are paid an amount depending on the length and complexity of the survey. This survey was overseen and edited by the OnePoll research team. OnePoll are MRS Company Partners, corporate membership of ESOMAR and Members of the British Polling Council.