Skillcast’s Cybersecurity Compliance Expert, Dhruva Pudel, is calling on organisations to end workplace security apathy.
The government’s 2026 Cybersecurity Sectoral analysis highlights that many small businesses are continuing to choose “do nothing” rather than adapt to evolving threat landscapes and growing regulatory demands.
This is also reinforced by the government’s recent cybersecurity breach data, which revealed that only around 33% of companies deploy cyber-monitoring tools.
According to Skillcast, the report found that cost concerns around auditing and certifications, alongside limited awareness, remain key barriers to action.
As a result, many organisations continue to treat cybersecurity as a nice-to-have instead of a business-critical function.
However, this inaction comes amid rising awareness of cybersecurity and in the aftermath of a high-profile incident targeting one of Europe’s retail giants.
The Shiny Hunters extortion group gained access to the company’s databases and exposed the personal information of 197,000 customers.
The problem is also being worsened by a temporary lull in the adoption of AI across the corporate landscape.
According to recent McKinsey & Company data, only one third of businesses have scaled their AI past the pilot and experimentation phases.
While AI has been positioned as an opportunity to transform business operations and improve efficiency, implementation can be delayed by procurement processes, governance concerns or compliance requirements.
This hesitation risks operational bottlenecks, with some organisations relying on legacy systems or delaying investment in staff training and infrastructure improvements.
Without the right processes and knowledge in place, businesses risk leaving employees underprepared and systems increasingly vulnerable, Skillcast added.
Dhruva Pudel, Head of Cybersecurity at Skillcast, said:
“Embedding cybersecurity into every aspect of compliance is one of the most effective ways a business can protect itself.
“While taking a ‘do nothing’ approach may appear to be cost-effective in the short term, it leaves companies highly vulnerable and the longer-term consequences can be devastating.
“No organisation is too large – or too small – to be targeted and approaches to risk management need to be dynamic in an ever-changing technological landscape,” he continued.
“The cost of responding to a cyber-incident, from operational disruption and financial losses to reputational damage, can far outweigh employee training and robust compliance frameworks that can adapt over time.
“Businesses that act now will be in a far stronger position to protect themselves; action, not apathy, is what will future-proof corporate Britain,” Pudel concluded.