Why Every Business Should Consider a Secure Innovation Security Review—Not Just the “Innovative” Ones
In 2025, cyber attacks have become a daily headline. From household name retailers like Marks & Spencer and Co-op to globally recognised brands like Jaguar Land Rover, the scale and sophistication of recent breaches have exposed a harsh truth: no business is immune.
Yet despite the growing threat, many small and medium-sized enterprises (SMEs) still believe cyber security is a concern for tech firms, defence contractors, or data-heavy startups. That’s where the Secure Innovation Security Review (SISR ), delivered by Innovate UK, comes in. And the key message is that it’s open to all businesses, not just those working on cutting-edge innovation.
Cyber crime is evolving — and targeting everyone
In 2025 alone:
• Marks & Spencer suffered a ransomware attack that triggered a £300M profit warning.
• Co-op faced a supply chain breakdown across 2,300 stores due to system failures.
• Jaguar Land Rover was reported to be losing £50m per week at the height of their cyber attack in late August.
These weren’t niche tech firms. They were retailers and household brands, with common vulnerabilities exploited across human trust, third-party access, and outdated security practices.
What is the Secure Innovation Security Review?
The SISR is a part-funded programme that connects UK businesses with expert security reviewers. These professionals assess your physical, cyber, legal, and operational security posture then provide tailored, actionable recommendations.
It’s not a tick-box exercise. It’s a deep dive into how your business operates, where vulnerabilities lie, and what you can do to protect your people, data, and reputation. And it’s not just for tech companies. Whether you’re a manufacturer, retailer, creative agency, or logistics firm, if you rely on digital systems, the SISR can help.
Real-world impact: Intanify’s journey
Take Intanify, a fast-growing business that helps clients manage and grow their intangible assets. Despite already having strong cyber protections, the team wanted external validation and a broader view of security risks,
Through the SISR, Intanify worked with a security expert who understood their business instinctively and helped them identify overlooked vulnerabilities. One key insight involved state-sponsored threats, an eye-opener that reframed their understanding of risk.
Intanify went on to implement new protocols, including VPNs for remote work, a more nuanced risk register, and monthly security reviews. Most importantly, the SISR report gave them the credibility needed to secure a major US law firm as a client—opening the door to over 100 new customer relationships.
“The report that Nigel [Intanify’s Security Reviewer] produced for us proved very useful. Commercially, it allowed us to speed up the onboarding process by a few weeks at least.”
Viet Lee, Co-founder & CTO, Intanify
Why now?
The cost of cyber crime is rising. The average non-phishing incident now costs UK businesses £990. But the cost of prevention, especially through a part-funded scheme like SISR, is far lower. Security isn’t just an IT issue. It’s a business continuity, reputational and growth issue.
If you feel your business is “too small” or “not innovative enough” to be a target, you may need to reconsider. The SISR is designed to help a broad range of UK businesses to build resilience, protect assets, and grow with confidence.
Interested in how Innovate UK can help your business strengthen security and unlock new growth opportunities through a Secure Innovation Security Review?