James Endersby
Chief Executive Officer, Opinium

Cyber risk has shifted from a back-office concern, to a board-room priority, to a reputational nightmare our latest consumer study reveals. Nearly three quarters of consumers now view cyberattacks as one of the biggest risks facing companies, while a fifth of UK consumers say they openly distrust companies with their personal data. Trust is wobbling, and that tremor is felt on every balance sheet.

The latest research from Opinium suggests that the public sense the threat is escalating. Seventy-four per cent believe attacks on UK retailers and service providers are becoming more likely, and two thirds say they have already changed how they shop online. Nearly a quarter will now only use brands they completely trust, and a similar proportion restrict spending to firms they perceive as having robust security. Nine per cent of consumer say they have paused online spending altogether. That behavioural pivot, surely worth billions of pounds in diverted revenue, should set alarm bells ringing in every boardroom.

Although retail breaches dominate headlines, the consequences ricochet across every sector. Digital trust has become a universal brand currency: the customer who abandons a hacked retailer logs out of their investment app, questioning encryption and authentication. When one organisation is breached, other brands will come under increased scrutiny. Brands that cannot offer credible answers face immediate dips in sentiment and higher acquisition costs. The brand that doesn’t get on top of the issue quickly will face huge hits to their profits and long term brand reputation.

Implications for financial services

For financial institutions the stakes are uniquely high. Consumer trust their banks and financial organisations with their wages, savings and retirement plans. A ransomware lockdown of payment systems is not just an operational hiccup; it strikes at the promise at the heart of every bank “your assets are safe with us”. Consumers, already jittery, will move deposits or cancel cards at unprecedented speed. Regulators, now armed with tougher operational-resilience mandates, will not hesitate to levy substantial fines and demand onerous remediation plans.

Financial brands also face intense capital-markets scrutiny. Share prices often fall in the days following a disclosed breach, and the cost of wholesale funding can rise as credit-default-swap spreads widen. The knock-on impact on price-to-book ratios and executive remuneration is now a staple of investor-relations playbooks. Cyber resilience is therefore not simply a compliance line item; it has become a material factor in valuation models and acquisition due diligence.

Rebuilding confidence: from resilience to assurance

The impact from our cyber insight is clear: security is not a stand-alone issue. Boards need to integrate cyber risk into enterprise-wide reputation dashboards. Communications is key. Greater emphasis needs to be placed on stopping cyberattacks in the first place, but also how you communicate as a brand what you are doing is really important. For example consumers are receptive to guidance on two-factor authentication and account monitoring. Those messages position a brand as a partner in safety rather than a potential source of harm. When a breach happens, swift, empathetic disclosure backed by tangible remediation is critical. Silence or obfuscation will cost far more in litigation, supervision and lost lifetime value.

Could your culture be the ultimate firewall? As we know technology can be bought but a good corporate culture must be earned. The most resilient organisations embed secure-by-design thinking across the product lifecycle and empower every employee to act as a sentry. Phishing simulations, crisis drills and executive tabletop exercises sound mundane, yet they create the muscle memory that turns a potential headline into a contained incident. Culture also embraces suppliers: third-party risk has become first-party reputation.

Beyond the firm, collaboration matters. Information-sharing schemes such as the UK’s Financial Sector Cyber Collaboration Centre and regular sector-wide drills help normalise best practice and support smaller institutions without their own cyber muscle. Regulators welcome collective action because it lowers systemic risk; investors welcome it because it reduces correlated surprises. Alone, a company can harden its walls; together, an ecosystem can raise the entire water level of defence.

Cyber threats will continue to evolve, turbo-charged by generative AI and geopolitical friction. Companies need to step up, not only on the technology, but crucially the culture and communications to prove ‘we value your data as much as you do’ and turn uncertainty into competitive advantage. Reputation is no longer earned by avoiding incidents, but by preparing for, responding to and learning from them. Get that right and customer trust becomes more than a defensive asset; it becomes your most compelling proposition.

Opinium: Strategic Insight Agency - What people think, feel and do

Opinium Research study of 2,000 UK adults, conducted between 23 and 27 May 2025,