SMEs Strengthen Cyber Resilience as Large Firms Fall Behind

The latest Cyber Security Breaches Survey reveals a mixed picture of organisational resilience, with clear differences between small and medium-sized enterprises (SMEs) and larger companies. While some SMEs reported fewer breaches this year, the overall cyber threat environment remains serious—especially for larger organisations—driven in part by a rise in ransomware attacks.

Commissioned by the UK Department for Science, Innovation and Technology (DSIT) and the Home Office, the survey found that just over four in ten businesses (43%) and three in ten charities (30%) experienced a cyber security breach or attack during the past 12 months. In practical terms, this is estimated to affect roughly 612,000 businesses and 61,000 charities across the UK.

SME breaches decline, but large firms need to improve cyber resilience

Overall breach prevalence among businesses fell compared with last year (from 50% to 43%), largely because fewer micro and small businesses reported incidents. Micro-businesses reporting breaches dropped from 47% to 41%, and small businesses from 58% to 50%. Much of this reduction is linked to lower reported phishing incidents in those categories.

By contrast, medium-sized (67%) and large (74%) businesses continue to report high and steady breach rates, matching last year’s figures and underlining an urgent need for improved cyber resilience at scale.

Phishing remains the most common form of attack: 85% of businesses and 86% of charities that experienced any breach reported phishing as part of the incident. That equates to around 37% of all UK businesses and 26% of charities encountering phishing attempts over the past year. Qualitative interviews in the study emphasised how disruptive phishing is—consuming time and resources to investigate—and warned that increasingly sophisticated methods, including AI-driven impersonation, are becoming more common.

Nathaniel Jones, VP of Security & AI Strategy at Darktrace, noted that more businesses are adopting risk assessments, formal policies and cyber insurance, but warned that attackers are also evolving. The combination of AI-enabled attacks and cybercrime-as-a-service (CaaS) offerings accelerates the pace, scale and sophistication of threats.

The rise in ransomware and business impacts

While the overall prevalence of cyber crimes—measured against the Computer Misuse Act 1990—remained broadly unchanged for businesses (20%) and charities (14%) compared with 2024, the survey highlights a concerning rise in ransomware incidents specifically targeting businesses.

The proportion of businesses experiencing a ransomware incident in which a financial demand was made roughly doubled from under 0.5% in 2024 to 1% in 2025. That increase corresponds to an estimated 19,000 businesses receiving ransomware demands over the past year.

Etay Maor, Chief Security Strategist at Cato Networks, recommends a multi-layered defence that blends threat intelligence, heuristic analysis and advanced machine learning to detect and block attacks at multiple stages. He highlights the need to stop initial infiltration—often via phishing—and to limit lateral movement so ransomware cannot spread across networks.

Although most breaches (around 84%) did not produce direct negative outcomes such as data loss or financial theft, the nature of impacts is shifting. Businesses reported an increase in temporary loss of access to files or networks (7%, up from 4% in 2024), while charities reported more incidents of losing access to third-party services (5%, up from 1%).

Estimated average costs for the most disruptive breach were £1,600 for businesses and £3,240 for charities when including respondents reporting zero cost. Excluding those zero-cost responses raises the averages to £3,550 for businesses and £8,690 for charities. Costs from cyber-enabled fraud were even larger, averaging £5,900 per affected business.

Cyber hygiene and governance concerns

There are positive signs in cyber hygiene among small businesses: more are conducting risk assessments (48%, up from 41%), purchasing cyber insurance (62%, up from 49%), establishing formal policies (59%, up from 51%), and creating business continuity plans that include cyber incidents (53%, up from 44%).

However, some charities, particularly higher-income ones, show declines in activities to identify cyber security risks (75%, down from 86%) and in having formal cyber security strategies (39%, down from 47%), which may reflect budget pressures. Basic technical controls such as malware protection and firewalls remain common, but adoption of stronger measures such as two-factor authentication is still limited (40% of businesses, 35% of charities).

Jack Kerr, Director at Appdome, emphasised the challenge of managing corporate security on employees’ mobile devices and urged organisations to secure their enterprise mobile apps directly. Embedding AI-native protections in commercial and custom enterprise apps can detect and stop threats in real time, adding another defensive layer when perimeter controls fail.

The survey also highlights worrying governance trends: the share of businesses with board-level responsibility for cyber security and resilience has fallen steadily since 2021, from 38% to 27%. Supply chain risk management remains weak—only 14% of businesses and 9% of charities formally review risks from immediate suppliers—and awareness of official guidance such as NCSC campaigns and Cyber Essentials is limited, especially among micro-businesses.

Maor urged organisations to routinely review security events and use extended detection and response (XDR) tools to investigate and mitigate attacks effectively. He called for strong leadership and a focus on supply chain security, and suggested the survey’s findings should inform the forthcoming Cyber Security and Resilience Bill—particularly measures addressing AI-powered attacks.
