UK business leaders are most concerned about cybersecurity breaches over the coming year, but doubt their ability to manage related risk, according to a new study from Nardello & Co.
The global investigations firm polled 250 business leaders at enterprises with a minimum turnover of £250m to better understand their perception of risk for 2026.
Over half (58%) ranked cyber-related breaches as their top risk, with three-quarters doubting their ability to manage them. Their concern is grounded in experience and 20% said they had suffered a breach over the past two years.
Compliance concerns (37%) and financial crime (30%) came next, on the back of US Foreign Corrupt Practices Act (FCPA) enforcement.
“At the same time, enforcement outside of the US is ramping up. For example, the UK’s Serious Fraud Office [SFO] has new legal powers in the form of the ‘Failure to Prevent Fraud’ offense that came into force in September 2025,” explained Paul Nash, MD of Financial Investigations & Forensic Accounting at Nardello & Co.
In March 2025 the SFO, France’s Parquet National Financier and Switzerland’s Office of the Attorney General announced the formation of a joint anti-corruption enforcement taskforce.
“This evolving global enforcement environment, coupled with increasingly complex fraud schemes, requires international companies to remain vigilant while managing the risk of fraud, bribery, corruption, money laundering, and other financial misconduct,” Nash commented.
The compliance imperative will only grow for UK organizations later in the year as the Cyber Security and Resilience Bill becomes law. In-scope businesses will need to adopt risk-based cybersecurity strategies in response, said Joseph Pochron, MD for digital investigations and cyber risk at Nardello & Co.
Read more on fraud: World Economic Forum: Cyber-fraud overtakes ransomware as business leaders’ top cyber-security concern.
A quarter of business leaders cited reputational damage as one of their top three biggest concerns for 2026. Over two-fifths (42%) worry about the reputational impact of a data breach, and 28% about the spread of misinformation online, while 24% are concerned about about negative media coverage and 18% about managing wrongful employee allegations.
Is the UK Underprepared?
Africa (26%) was cited as the region where their organizations face the greatest operational risk exposure, followed closely by the Middle East (24%) and Asia (22%). Despite their concerns, the report found that:
- Just 44% of UK firms carry out pre-hire screening
- Only 48% have an anonymous whistleblowing system in place
- Just 59 provide regular training on compliance
“Despite organizations facing an increasingly sophisticated array of risks, the data highlight a degree of complacency that could well be existential for a business,” warned Nardello & Co regional MD for EMEA, Chris Morgan Jones.
“Preparation, planning, and careful attention to specific risks can diminish the impact of any crisis and frequently prevent one.”
