Cyber expert warns UK firms face “perfect storm” in next 100 days

With the first 100 days of the year now passed, a leading cyber-security expert has warned that UK businesses are heading into a “perfect storm” of tighter regulation, economic pressure and escalating cyber threats.

Roy Shelton, Group CEO of Connectus Business Solutions, said organisations must urgently prepare for a more demanding compliance landscape as financial conditions become increasingly challenging.

He said: “Businesses are heading into a perfect storm: tighter regulation, more complex compliance,  rising costs and increasing cyber threats. Many simply aren’t prepared for the compliance burden that’s coming.”

Recent forecasts from the OECD have downgraded UK growth expectations to 0.7% for the year, alongside a projected rise in inflation. This shifting economic outlook is increasing pressure on businesses already managing tight margins and uncertain trading conditions.

At the same time, new legislation is set to introduce stricter cyber security and compliance obligations. The Cyber Security and Resilience (Network and Information Systems) Bill, currently progressing through Parliament, is designed to strengthen national defences against both criminal and state-sponsored attacks.

However, Shelton warned the practical impact on businesses could be significant.

He added: “The direction of travel is clear: greater accountability, faster reporting and tougher penalties. Organisations will need to demonstrate stronger risk management , compliance and governance, often with fewer internal resources.”

Under the proposed changes, businesses may be required to report certain cyber incidents within 24 hours, followed by a full report within 72 hours. Fines for serious breaches could reach up to £17 million or 4% of global turnover. Importantly, companies within regulated supply chains, including SMEs, may also fall within scope who up until recently have been outside of these regulated requirements.

Shelton said smaller firms would be particularly affected: “This isn’t just an issue for large enterprises. Businesses in supply chains will increasingly be expected to meet the same standards, creating real operational and financial pressure.”

He also highlighted the evolving threat landscape, with organisations facing a convergence of increasingly sophisticated risks.

“We’re seeing a rapid escalation in zero-day exploits, supply chain attacks and ransomware,” he said. “The pace of threat development means businesses need faster response times, better visibility and stronger overall security governance.”

Shelton concluded that organisations must prioritise long-term resilience over short-term fixes.

“Cyber security and stringent compliance is no longer a standalone IT issue. It is a core business risk,” he said. “Those that invest in resilience and trusted partnerships now will be far better placed to withstand the pressures of the next 100 days and beyond.”