Cyber resilience and customer trust: why security is no longer just an IT issue
For UK organisations, cyber attacks have become a fact of life. The question is no longer whether an organisation will experience a cyber incident, but how well it can respond when one occurs.

According to our latest research report, Trust in a Connected World, 98.4% of IT leaders say their organisation has experienced at least one cyber incident in the last 24 months. Phishing attacks, ransomware, data breaches and network outages have become routine challenges for IT teams across both public and private sectors.
Yet the biggest risk isn't necessarily the attack itself. Increasingly, it's the impact that follows.
Operational disruption, service outages, reputational damage and customer churn now rank among the top concerns for IT leaders. Cybersecurity has evolved from a technical issue into a business-wide challenge that directly affects customer confidence and organisational trust.
The trust gap organisations can't afford to ignore
While 77% of IT leaders believe their organisation is meeting customer expectations for secure and reliable digital services, public confidence tells a different story.
Only 26% of UK adults believe organisations are doing enough to protect against cyber threats. More concerning still, over a third remain unsure.
This gap is important because customer behaviour changes quickly when trust is lost.
The research found that:
74.9% of UK adults would reduce or stop using a service following a major cyber breach
31.6% would stop using the service altogether
65.9% say news about cyber attacks has already changed how they interact with organisations online
For younger consumers, the impact is even greater. People aged 18-24 are significantly more likely than average to abandon a service after a major breach, with 40.7% saying they would do so.
The message is clear: customers increasingly judge organisations on resilience outcomes, not security intentions.
Customers expect availability as much as security
When people think about cybersecurity, they often focus on protecting data. And while customers certainly care about that, our research suggests what they value most is continuity.
People want services to remain available, reliable and responsive, even during periods of disruption.
This expectation is reflected throughout the data:
77.6% say strong digital infrastructure is very or extremely important for protecting services
69.3% expect organisations to have advanced cybersecurity protection
69.2% expect strong network security
59.5% expect backup systems that keep services online
Perhaps most importantly, customers have very little tolerance for downtime.
More than a third (36.1%) would only tolerate a few hours of outage for an important service, while 70% would tolerate no more than a single day.
For organisations, that means resilience targets must be built around customer expectations, not just internal recovery objectives.
Why resilience starts before an incident happens
Many organisations are investing in cybersecurity technologies, including threat monitoring, network security and cloud security. However, technology alone isn't enough.
Only 9.6% of IT leaders describe themselves as "very confident" in their organisation's ability to defend data and network infrastructure. Skills shortages, hybrid cloud complexity and limited visibility across networks continue to create challenges.
The organisations best positioned to protect customer trust are those that focus on resilience across the entire environment.
That includes:
Improving visibility across networks and cloud environments
Reducing single points of failure
Strengthening connectivity performance
Standardising security policies across sites
Building faster incident response and recovery processes
The goal is not simply to prevent every attack. It is to minimise disruption when attacks occur.
Cyber resilience is becoming a competitive advantage
As digital services become increasingly central to everyday life, resilience is becoming a key differentiator.
Customers may never notice a security investment that prevents an attack. But they will notice an outage, poor communication or prolonged disruption.
Organisations that can maintain service continuity, communicate clearly and recover quickly will be better positioned to retain trust when incidents occur.
In today's connected world, cyber resilience is about protecting relationships, not systems. And for many organisations, that may be the most important security challenge of all.
Want the full picture? Download Trust in a Connected World to explore the complete findings on cyber resilience, infrastructure and customer trust in 2026. Download the report

