What Would You Do If Your Business Was Hacked Tomorrow?
No IT team. No budget buffer. No room for mistakes.
M&S. Co-op. Harrods.
Three of the UK’s most recognisable retailers — all recently hit by cyberattacks.
These aren’t back-bedroom startups. They’re household names with deep pockets, experienced IT teams, and constant security monitoring. And yet... they still got breached.
So now, let’s talk about your business.
You probably don’t have a full-time IT security analyst watching your systems.
And if we're honest, you probably think you're too small to be on anyone’s radar.
You're not!
In fact, that’s exactly why you’re a target. And if you're not ready, you're already vulnerable.
So ask yourself this, and mean it:
What would you do if your business was hacked tomorrow?
The Wake-Up Call Most Businesses Never Get in Time
We’re not talking about science fiction here. We're not being dramatic.
We're describing what happens every single day to small businesses across the UK.
Because cybercriminals don’t care how big you are.
They care how easy you are.
And let’s be blunt: most small businesses are easy pickings.
▪️No formal cybersecurity policy.
▪️Reused passwords.
▪️No backups.
▪️No employee training.
▪️Zero plan if something goes wrong
Fact: 43% of UK small businesses were attacked last year.
60% of them shut down within six months.
Still think this isn’t your problem?
What a Cyberattack Looks Like: Up Close
Let’s walk through what would happen if your business got hacked tomorrow.
You arrive at the office Monday morning:
▪️You try to log in. Your email doesn’t work.
▪️You reboot. Still nothing.
▪️Your website’s down.
▪️Customer orders aren’t processing.
▪️Phones start ringing — complaints, cancellations, panic.
Then you see it.... A ransom note.
Your files are encrypted. Your systems are locked. The attacker wants £10,000 in Bitcoin, or everything gets wiped.
You don’t know if customer data’s been stolen.
You don’t know if backups are safe.
You don’t know who to call.
You’re frozen, while your business burns.
The Real Fallout: Not Just Tech, but Trust
A cyberattack isn’t just technical. It’s deeply personal for your business.
▪️Staff: Get nervous. Some quit.
▪️Partners: Rethink your reliability.
▪️Suppliers: Freeze credit terms.
▪️Insurers: Ask why you didn’t take basic precautions.
▪️Regulators: Come knocking. Fines follow.
Under GDPR, you could face £17.5 million or 4% of turnover in penalties for mishandling personal data.
And you’re still expected to keep the business afloat through all of it.
Most don’t.
If You Were Hacked Tomorrow, Here’s What You Should Do
Assuming the breach has already happened, these are your immediate steps.
1. Shut It Down... Fast
- Disconnect from the internet.
- Turn off shared drives and cloud sync.
- Lock down administrator accounts.
- Pull affected devices offline.
Waiting even 30 minutes can mean wider infection or permanent loss.
2. Phone Your Professionals
- Your IT support (if you have one)
- Your cyber insurance provider
- Your lawyer or data protection officer (for GDPR compliance)
- A specialist cyber response team (yes, you’ll have to find one on the fly if you haven’t prepped)
You need expert help now. Not later.
3. Report the Breach
If personal data has been affected — and it probably has — you have 72 hours to inform the ICO (Information Commissioner’s Office).
Delay = a heavy fine.
Also report the crime to Action Fraud.
This isn’t just your problem... it’s a criminal offence.
4. Communicate Clearly
You’ll want to hide. But don’t.
Prepare an immediate holding message for clients, customers, and staff.
Something like:
“We’re currently investigating a security issue that may affect your data. Our systems have been secured, and we’re working with experts to assess the impact. We’ll provide updates shortly.”
Stay calm. Be professional. Don't speculate or overshare.
5. Start Recovery
- Restore clean backups (if they exist).
- Change all passwords.
- Update software and patches.
- Begin internal and external investigation.
- Learn how it happened and as important how to prevent it again.
What You Should Have Already Done... Do It Now
Preparation isn’t optional. It’s your business continuity plan.
If you don’t want to be next week’s cautionary tale, here’s what to fix:
▪️Multi-Factor Authentication (MFA)
This one move blocks 99.9% of password-based breaches.
If you're not using it, you're not serious about security.
▪️Strong Passwords & Password Managers
Stop letting people use “CompanyName2023!”
Use tools like Bitwarden or 1Password to enforce strong, unique logins.
▪️Staff Training
Your biggest vulnerability isn’t tech — it’s your team.
One person clicking one bad link is all it takes.
❕95% of cyber breaches are caused by human error.
Use free resources or our Cyber Awareness Policy Template to get started.
▪️Backups That Actually Work
Follow the 3-2-1 Rule:
- 3 copies of your data
- On 2 types of media
- With 1 stored offsite or in the cloud
Test your backups monthly.
If they don’t restore, you don’t have backups. You have a time bomb.
▪️A One-Page Response Plan
At minimum, this should include:
- Key contacts (IT, legal, insurance)
- Where backups are
- How to disconnect systems
- What to tell customers and staff
Stick it on the wall. Review it quarterly. Hope you never need it — but be ready when you do.
Free & Low-Cost Resources to Secure Your Business
Here’s what every business should be using right now at a minimum.
| Tool | Purpose | Cost |
|---|---|---|
| AwareSecureCo Starter Kit | Templates, policies, awareness tips | Free |
| 10-Minute Health Check | Self-assess your vulnerabilities | Free |
| Cyber Essentials | Basic government certification | £300–£500 |
| Bitwarden / 1Password | Password management | Free–£3/user |
| Windows Defender / Sophos | Antivirus protection | Free–£5/month |
| Backblaze / iDrive | Automated cloud backups | ~£5/month |
Cybersecurity doesn’t have to be expensive. But ignorance? That’ll cost you everything.
Take These 5 Actions Today
This is your no-excuses list. You don’t need a budget. You just need 30 minutes and the will to act.
- Download the Cyber Resilience Starter Kit
(Includes your health check, awareness policy, backup guide and more) - Enable MFA on all critical accounts
(Email, banking, cloud services — right now) - Back up your critical files
(And test the restore) - Train your staff using simple examples
(Even 15 minutes makes a difference) - Join the waitlist for the Cyber Resilience Toolkit
(A 30-day roadmap to secure your business without overwhelm)
This Is Your Line in the Sand
Big brands like M&S, Co-op, and Harrods survived their breaches because they had the money, teams, and structure to rebuild.
You don’t.
So no — you’re not too small to be attacked.
You’re just small enough to be an easy win.
“Cybercriminals don’t need to break in — they wait for you to leave the door open.”
What would you do if your business was hacked tomorrow?
If your answer is anything other than “I’ve got a plan”, you’re on borrowed time.
Start today — before someone else forces your hand.
Protecting your business from cyber threats starts with awareness and proactive action. Have questions or want to strengthen your defences? Get in touch with us or sign up for our newsletter for the latest tips and updates on keeping your business secure.