This Q2 2026 cyber threat report highlights a growing reality for UK businesses: cyber attacks are becoming faster, more automated and increasingly focused on exploiting identity, trust and supply chains.
The biggest cyber stories this quarter were not just about stolen data. They highlighted something more important for business leaders, the operational impact of an attack.
When systems become unavailable, suppliers are compromised or sensitive information is exposed, the consequences extend far beyond IT. Customer relationships, productivity, revenue and reputation can all be affected.
According to CrowdStrike’s 2026 Global Threat Report, the average eCrime breakout time has fallen to just 29 minutes, with the fastest observed breakout taking only 27 seconds. At the same time, AI-enabled adversary activity increased by 89% year-on-year.
For organisations, this means the window to detect and respond to modern cyber threats is becoming smaller. Cyber security is moving aways from preventing attacks to ensuring the business can continue operating when disruption occurs.
Recent key findings highlight the scale of the challenge facing UK organisations:
The figures show that while awareness of cyber risk is improving, many organisations still have work to do when it comes to building practical resilience.
The cyber incidents affecting Marks & Spencer, Co-op and Harrods were among the biggest security stories of Q2.
While investigations continue, the incidents demonstrated a key lesson – the impact of a cyber attack is often measured by disruption rather than data loss alone. For modern businesses, digital systems are central to everyday operations. When those systems are unavailable, the impact can quickly spread across the organisation.
These incidents also reinforced the importance of identity security and third-party risk management. Attackers are increasingly looking for trusted routes into businesses rather than relying solely on technical vulnerabilities.
Many attacks today begin with compromised credentials rather than sophisticated malware. Attackers are using:
Once access has been gained, attackers can often move through an environment using legitimate accounts, making malicious activity harder to identify.
This is why identity security has become one of the most important foundations of modern cyber resilience. Businesses should regularly review:
Attackers do not always need to break down the door. Increasingly, they are logging in with valid credentials.
Businesses increasingly rely on suppliers, cloud platforms and external service providers to operate effectively. That brings huge benefits, but it also creates risk.
If one trusted supplier is compromised, attackers may be able to use that relationship as a route into other organisations. This is why supply chain attacks remain one of the most important cyber security trends in 2026.
Despite this, supplier security reviews are still not common enough. Research referenced in the Cyber Security Breaches Survey 2025/2026 found that supplier risk management remains a weakness for many organisations.
For businesses, the priority is not just understanding internal risk. It is understanding who else has access to your systems, data and customers.
Artificial intelligence was one of the biggest themes throughout Q2. For attackers, AI is making it easier to create convincing phishing messages, automate reconnaissance and scale attacks more quickly.
Government ministers warned UK businesses that AI is making cyber attacks faster, cheaper and easier to carry out.
CrowdStrike’s research supports this trend, highlighting the 89% increase in AI-enabled adversary activity and the growing use of AI to support credential theft, reconnaissance and evasion techniques. At the same time, organisations are rapidly adopting AI tools such as Microsoft Copilot and other workplace assistants.
The challenge is ensuring security controls keep pace with adoption. The Cyber Security Breaches Survey found that only 24% of organisations using or considering AI have processes in place to manage the associated risks.
Before expanding AI usage, businesses should understand:
The organisations that benefit most from AI will be those that establish strong foundations first.
Based on the trends seen throughout Q2, organisations should prioritise:
Q2 2026 reinforced a growing reality: cyber attacks are becoming faster, more automated and increasingly focused on exploiting trusted identities and relationships.
But the organisations best placed to respond aren’t always those with the biggest security budgets. They’re the ones that understand their risks, get the fundamentals right and prepare before an incident happens. As businesses continue to adopt AI, cloud technologies and digital services, cyber resilience is becoming a key part of long-term success.
The cyber threat landscape will continue to evolve throughout the second half of 2026, but the foundations of good cyber security remain the same: strong identity controls, effective governance, employee awareness and a clear understanding of organisational risk.
Because the question isn’t whether organisations will face cyber threats. It’s whether they’ll be ready when they do.
Speak to an expert