Threat intelligence can be seen as a defensive tool or compliance requirement, but should be leveraged to deliver a measurable return on investment.
The UK’s proposed Cyber Security and Resilience Bill represents a significant shift in how the nation approaches ransomware and cyber threats. Cyber-attacks are now a matter of when, not if, so measures like mandatory reporting and stronger ransomware policies are a necessary step towards improving cyber hygiene and IT resilience.
Legislation alone cannot build resilience: there’s little sense in waiting for the Bill to be finalised and passed into law before taking action, as cyber threats are already impacting businesses and the UK’s economy. This means looking beyond compliance to the question that CEOs and boards should be asking: how can cybersecurity investments not only meet evolving requirements and regulatory demands, but also deliver meaningful, long-term value to a business?
Not only that, but how can cybersecurity investments better protect against relentless ransomware and cyber threats to withstand attempted intrusions?
One important consideration for improving security programs is threat intelligence. While the effectiveness of a security program ultimately depends on a combination of people, processes, products and policy, threat intelligence is often underutilised. It can be seen as a defensive tool or compliance requirement, but should be leveraged to deliver a measurable return on investment.
The job of threat intelligence and security is about managing, accepting, and reducing risk. It sounds simple, but we all know it’s not. When the risk is tied to millions of pounds in lost revenue, threat intelligence takes on a whole new weight.
Resilience as an organisational imperative
The modern threat landscape is unpredictable. Threat actors are evolving, becoming more sophisticated and targeting organisations of all sizes and sectors. However, they don’t all represent equal risk. Understanding the who, what, how, when and why behind the threats specific to the business and industry is essential.
The consequences of a successful breach extend far beyond immediate financial loss, presenting risks of brand damage, erosion of customer trust, operational downtime, fraud losses, rising cyber insurance premiums, and potential compliance failures.
Narrowing focus to the most relevant and likely threats is critical in ensuring that investments in a security program align with the real risks, rather than hypothetical ones.
A survey of 5,000 small and medium-sized businesses across four continents by Mastercard reveals that 46 percent have suffered a cyber-attack. Similar numbers are reported in the UK government’s Cyber Security Breaches Survey 2025, which found that just over four in ten businesses (43 percent) experienced a cybersecurity breach or attack in the last 12 months.
The government survey also shows that the prevalence of cyber-crime is higher among large businesses (74 percent) and medium-sized companies (67 percent). In this context, cybersecurity is no longer optional; it is a fundamental business strategy.
Beyond investing in protection, organisations should aspire to transition key parts of their program to proactive security capabilities: the ability to predict and address threats rather than just weathering them when they emerge and escalate. This is where threat intelligence plays a critical role.
Organisations need actionable insights that identify which threats matter most to enable teams to act before an adversary can exploit vulnerabilities. Effective threat intelligence contributes to cyber resilience by helping organisations to prepare and test for likely threats to minimise the potential impact, prevent attacks where possible, respond more efficiently where necessary, and maintain business operations throughout.
The business case for threat intelligence
Investing in threat intelligence to improve cyber resilience doesn’t necessarily remove the costs associated with security, but it helps to shift security from a pure cost centre into a strategic investment with tangible benefits. It has a positive financial impact and ensures the organisation can maintain operations even in the face of emerging threats. One security team even reported shifting 90 percent of their work from event response to threat hunting, successfully moving from a reactive approach to strategic proactive defence.
Mature threat intelligence programs don’t just react to threats. They prevent breaches by proactively understanding the landscape and their digital footprint. This helps balance decision-making between immediate threats and long-term risk, improves visibility into complex attack surfaces, makes it easier to explain risk to business leaders, and enables security teams to act more efficiently and effectively.
Cyber resilience benefits the whole organisation
It’s not just the CISOs and their teams that benefit; the improvements resonate across the entire C-Suite. Cyber resilience reduces costs and lowers insurance premiums for the CFO, avoids downtime and improves operational efficiency and third-party risk management for COOs, and protects the brand’s reputation for CMOs.
For CTOs, it enables innovation by turning security from a bottleneck into a business enabler, enhances integration across security tools, and provides better prioritisation of vulnerability patching and more efficient workflow automation. Wider IT resilience powered by threat intelligence can deliver cross-functional value across the whole organisation.
This approach to resilience aligns with the ambition behind the proposed Cyber Security and Resilience Bill, which aims to improve national defences through stricter ransomware payment and reporting regimes. Under the bill, public sector bodies could be banned from making ransomware payments altogether.
If the Bill is passed – as it is widely expected to be – the legislation will send a clear message that criminals will find it much harder to extract ransomware payments from organisations in the UK.
In the meantime, organisations should be integrating threat intelligence into critical parts of their security program, ranging from incident response to alert triage, threat hunting, vulnerability management, business continuity, disaster recovery and product design. This ensures that cyber resilience is already in place and delivering value no matter the outcome.
Resilience isn’t just about surviving an attack; it’s about ensuring the business keeps running and customers remain confident. Investing in cyber resilience through effective threat intelligence helps organisations to find the opportunity in an increasingly volatile risk landscape.
Written by
Jason Steer
CISO
Recorded Future