hello@seconcyber.com
Cyber security isn’t a luxury, it’s a core part of business resilience. And 2025 has made that clearer than ever.
Consider the late‑summer 2025 cyber‑attack on Jaguar Land Rover. The disruption forced a complete halt to production of approximately 1,000 vehicles per day across its UK sites and triggered a ripple effect across around 5,000 supply‑chain firms. The estimated cost to the UK economy: £1.9 billion. Losses were estimated at around £50 million per week during the shutdown. While the incident affects a global manufacturer, the underlying lesson is clear: whether you’re making cars or providing services, a breach can stop output cold, drain cash, disrupt your supply‑chain and put jobs on the line.
When a breach occurs, it can hit production hard. Attackers often use malware or brute‑force to open a “backdoor” into systems. Once inside, they can disrupt operations entirely, freezing systems, locking out users, halting production.
From a micro‑economic perspective, this leads to a left‑ward shift in the Production Possibility Frontier (PPF) – reducing a firm’s ability to produce goods and services. For SMEs with tight cash‑flow and fewer buffers, even a short disruption can prove disastrous.
How Attacks Reduce Productivity and Output for SMEs.
Let’s assume all other business conditions remain the same. A cyber-attack effectively reduces the firm’s available capital – from digital systems to data, limiting their ability to meet customer demand. Lower output leads to reduced revenue and, in many cases, lost profit.
According to the UK Government’s Cyber Security Breaches Survey 2025, over 40% of UK businesses reported cyber-attacks in the past 12 months. The research found larger organisations are far more likely to prioritise cyber security, with 96% of large businesses and 92% of medium-sized businesses viewing it as a high priority. In contrast, just 72% of all businesses say the same.
The gap is even more striking at the smaller end of the scale. Nearly a third of micro businesses (30%) consider cyber security a low priority, compared to just 8% of medium businesses and only 2% of large businesses.
These aren’t abstract risks, they are everyday threats with real-world consequences.
A Real-World Example: The “Cyberstorm” That Shuttered a Manufacturer.
In May 2025, a UK-based manufacturing SME with 78 staff was hit by ransomware. The attackers, believed to be from the DarkSide group, exploited years of ignored technical debt and out-of-date systems.
The company had isolated outdated Windows 7 machines behind a basic firewall, a cost-saving measure designed to avoid upgrading systems. It saved them £50,000 in the short term, but the breach led to:
- £3.3 million in financial losses,
- Eight weeks of halted operations,
- The complete loss of all 78 jobs,
- And ultimately, business closure.
This case, reported anonymously via The Small Business Cyber Security Guy, shows the real cost of short-term thinking. What looked like IT frugality became an existential threat.
The Broader Microeconomic Impact
Cyber-attacks don’t just affect the businesses they target – they impact entire markets.
1. Firm-Level Effects
- Reduced output and capacity.
- Increased recovery and compliance costs.
- Long-term reputational damage.
2. Market-Level Effects
- When an SME exits the market or scales down, supply decreases, shifting the supply curve left.
- Less supply drives price increases, shrinking consumer surplus (the difference between what customers are willing to pay and what they actually pay).
- Lower competition means less innovation and fewer choices.
A cyber-attack on just one SME can distort pricing and reduce value for the entire market.
Ripple Effects Across the Supply Chain.
An SME doesn’t operate in isolation. When it halts, so do its partners. This creates spillover effects across the supply chain, from suppliers upstream to distributors and clients downstream.
These ripple effects can:
- Delay production in other firms.
- Increase sourcing costs.
- Force emergency operational changes.
In response, firms may divert resources from innovation or investment to recovery – slowing growth and hurting long-term economic performance.
The Economics of Prevention.
The microeconomic damage from cyber-attacks is far-reaching:
- Reduced productivity and economic output.
- Higher costs passed on to consumers.
- Weakened supply chains.
- Lost jobs and opportunities.
For SMEs, the message is clear: cyber security is no longer just about protecting data, it’s about protecting your entire business model. Guidance of how to effectively communicate risk is explained in our webinar with KnowBe4.
A modest investment in protection today protects revenue, jobs, customer trust, and market competitiveness tomorrow.