Cyber Security Month: Essential Compliance Checklist for UK Businesses

October’s Cyber Security Month highlights how simple, consistent actions can have an outsized impact.  According to the 2025 Cyber Security Breaches Survey, 43% of UK businesses identified a breach or attack in the past year, and phishing remains the most common threat, affecting 85% of those hit – yet only 27% of businesses assign board-level responsibility for cyber security.  

This highlights the need for stronger leadership on cyber security – something ISO 27001 supports through its clear requirements to achieve a certifiable Information Security Management System (ISMS), enabling organisations to systematically manage information risks. 

The good news is that stronger cyber security doesn’t depend on drastic change – it’s built through steady, practical steps. The following steps may help organisations enhance day-to-day vigilance: 

Weekly habits help embed vigilance into an organisation’s daily workflow.  

• Update software, operating system patches and antivirus 
• Back up critical files 
• Scan and encourage staff to report suspicious emails 
• Monitor login and device activity 

These actions align with widely accepted good practice for SMEs. For reference, see our Cyber Security Checklist for SMEs, developed to support awareness and understanding. 

Monthly checks can strengthen defences by addressing risks that daily tasks may miss. 

• Run full antivirus scans across devices 
• Review account security for key accounts by enabling multi-factor authentication (MFA) and ensuring passwords are strong and unique 
• Test backup recovery processes 
• Review user access rights 

Quarterly reviews demonstrate a proactive security posture to regulators and stakeholders. 

• Deliver refresher awareness training for staff 
• Consider running a phishing simulation exercise 
• Update the IT asset inventory 
• Patch third-party software 
• Review internal security policies and ensure you know your obligations, including when to report a data breach to the ICO 

Annual actions provide evidence of long-term resilience and help build trust with supply chains, regulators, and customers. 

• Undergo penetration testing or IT security assessments 
• Review and test your incident response plan 
• Renew training and maintain certifications 
• Audit supplier security posture 

ISO 27001 sets out the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System. It is internationally recognised and supports the structured management of information risks in line with defined policies and objectives. 

To find out more about how certification to ISO/IEC 27001 can support your organisation’s information security objectives, contact our team and take the next step in your compliance journey.