17 April 2025
According to the latest Cyber Security Breaches Survey, 43% of UK businesses and 30% of charities reported experiencing a cyber attack or data breach in the past 12 months. While this statistic reflects a slight decrease from the previous year's figure of 50%, the threat level remains critically high, particularly for medium and large enterprises.
The average financial impact of the most disruptive breaches was estimated at £1,600 for businesses and £3,240 for charities. The decline in reported incidents is primarily attributed to a reduction in breaches reported by small businesses; however, government officials caution against complacency, especially as cyber threats increasingly target critical infrastructure.
In response to these escalating threats, the UK Government is set to introduce the Cyber Security and Resilience Bill. This initiative aims to compel organizations to enhance their digital defenses and mitigate vulnerabilities.
The survey highlighted an encouraging trend among large businesses, with 70% now having a formal cyber strategy in place, compared to just 57% of medium-sized firms. This discrepancy indicates a potential gap in cyber preparedness among mid-sized enterprises, which may leave them vulnerable to attacks.
There has been notable progress in improving cyber hygiene practices among smaller businesses, evidenced by an increase in the adoption of risk assessments, cyber insurance, formal cybersecurity policies, and continuity planning. These measures are viewed as critical for enhancing digital resilience across the UK economy.
However, a concerning trend emerged among high-income charities, with a decline in the implementation of best practices such as risk assessments. This decrease appears to be linked to budgetary constraints, limiting their ability to invest in essential cybersecurity measures.
"Keeping banking systems online is becoming more challenging, and technology alone isn’t enough. Skilled IT teams are crucial for spotting risks early and responding quickly to prevent disruptions. Organizations need to invest in ongoing training so their staff can strengthen system defenses and recover fast when issues arise. A mix of advanced monitoring, backup systems, and a well-trained workforce is key to keeping services running and maintaining customer trust,” said Sawan Joshi, Group Director of Information Security at FDM Group.
In a significant development, the UK Government has designated data centres as critical national infrastructure. This classification ensures they will receive the same priority as essential services like water and energy in the event of a major incident, such as a cyber attack.
Overall, the findings of the Cyber Security Breaches Survey underline the ongoing cybersecurity challenges faced by UK businesses and charities, highlighting the urgent need for enhanced defenses, ongoing staff training, and comprehensive strategic planning to build resilience in the face of evolving threats.
