← All articles

Physical Violence Threats Mark New Phase in Cybercrime Targeting UK Business Leaders

The nature of cybercrime has taken a disturbing turn, with hackers now routinely threatening physical violence against company directors and employees who resist ransom demands. According to the BBC[1], this shift from purely digital extortion to physical intimidation represents a significant escalation in criminal tactics that affects millions of UK business leaders.

Research from security firm Semperis reveals that 40% of global ransomware attacks in 2025 involved threats to physically harm staff members who refused to pay ransom demands[1]. The phenomenon was even more pronounced in the United States, where companies experienced physical threats 46% of the time[1].

Scale of Exposure for UK Business Leadership

The potential impact on UK businesses is substantial. CompanyPulse data[2] shows there are currently 29,437,783 active company officers registered across the UK's 5,543,944 active companies. This vast pool of directors and senior executives represents a significant target surface for cybercriminals employing these new intimidation tactics.

The shift towards physical threats appears to be driven by cybercriminals' frustration with traditional ransom negotiations. Tim Beasley, who works for US security firm Semperis, experienced this firsthand when he found a threatening package on his doorstep while negotiating on behalf of a US government organisation that had been hit by a cyber-attack[1]. "Inside the box was a threatening note, alluding to physical violence if he didn't back off," according to the BBC report[1].

High-Risk Sectors in the UK Economy

Certain UK business sectors appear particularly vulnerable to these evolving threats. CompanyPulse register data[2] identifies several sectors with high concentrations of companies that typically handle sensitive customer data:

The retail sector, particularly online businesses, represents a significant target with 205,548 companies registered under "Retail sale via mail order houses or via Internet"[2]. The technology sector also shows substantial exposure, with 168,353 companies in "Information technology consultancy activities" and 101,628 in "Business and domestic software development"[2].

Professional services firms, often holding confidential client information, are another area of concern. The data shows 275,394 companies registered in "Management consultancy activities other than financial management"[2]. Healthcare-related businesses, with 103,898 companies in "Other human health activities," handle particularly sensitive personal data that makes them attractive targets[2].

Evolution of Criminal Tactics

The escalation to physical threats represents a fundamental shift in cybercriminal behaviour. Zac Warren, chief security advisor for Europe and the Middle East at US security firm Tanium, described a hospital ransom negotiation where "employees within the hospital were getting phone calls" after hackers accessed their personal data, including home addresses[1].

This tactic exploits a critical vulnerability: while companies can implement robust cybersecurity measures for their digital infrastructure, protecting the personal safety of individual directors and employees presents an entirely different challenge. The BBC reports that "hackers are said to be hiring criminals to threaten employees at companies they are trying to break into"[1], suggesting an organised approach to physical intimidation.

The financial stakes continue to rise alongside these evolving threats. FBI data cited by the BBC shows that cyber-attacks in the US resulted in financial losses totalling $20.8bn (£15.4bn) in 2025, up from $16.6bn in 2024[1]. The report also notes that "cyber-attacks in the UK also hit new highs last year"[1].

Implications for Company Governance

The emergence of physical threats adds a new dimension to corporate risk management. With 5,847,420 registered companies in the UK (including both active and inactive)[2], the scale of potential exposure is significant. Traditional cybersecurity measures focused on protecting data and systems must now expand to consider the physical safety of personnel.

The threat is particularly acute for smaller companies that may lack the resources for comprehensive security measures. The BBC notes that in the US, "the number of such physical threats rose more than twofold last year"[1], according to FBI annual data, indicating a rapidly growing trend that UK businesses cannot ignore.

Tim Beasley from Semperis observed that while physical threats have "always been here in the background," they are "becoming more of a reality, slowly inching its way up"[1]. This gradual normalisation of violence in cybercrime represents a concerning development for business leaders.

Looking Ahead: A New Security Paradigm

As cybercriminals continue to evolve their tactics, UK companies face the challenge of protecting not just their digital assets but also their human capital. The intersection of cyber and physical security creates new complexities for the 29,437,783 registered company officers[2] who may find themselves personally targeted.

The data suggests that sectors handling sensitive personal information - from the 205,548 online retail businesses to the 103,898 healthcare companies[2] - need to reassess their security protocols. As physical intimidation becomes an established tool in the cybercriminal arsenal, UK businesses must adapt their defence strategies accordingly, recognising that the threat landscape now extends beyond the digital realm into the physical world.

Found this useful? Share it

More from the blog

Stay in the loop

Data-driven UK business intelligence, delivered to your inbox. No spam.

Free. Unsubscribe anytime.