Cyber security breaches affecting UK businesses

The Department for Science Innovation and Technology recently published the Cyber Security Breaches Survey 2025/2026, which sheds light on the alarming frequency and impact of cyber breaches across various sectors, including businesses, charities, and educational institutions. The report reveals that just over four in ten businesses, specifically 43%, and around three in ten charities, or 28%, reported experiencing some form of cyber security breach or attack within the last 12 months. This figure translates to approximately 612,000 businesses and 57,000 charities in the UK.

Interestingly, the overall prevalence of cyber breaches has remained consistent with the previous year, following a notable decline among businesses from 50% in the 2023/2024 survey to 43% in 2024/2025. The report shows that medium and large businesses are more susceptible to these attacks, with 65% and 69% respectively reporting breaches compared to micro (42%) and small (46%) businesses.

Wayne Cleghorn, a Data Protection and Cybersecurity Partner at Excello Law in London, shares critical insights into the current cyber threat environment. He states that “Focus on phishing - all types of phishing, is the resounding message to businesses and security teams.” He notes that phishing attacks have become the most prevalent and disruptive cyber threats faced by organisations today. Cleghorn also observes that “Impersonation attacks have fallen. This may be because of the rise in Zero Trust IT architectures, more multi-factor authentication, and better staff training and awareness.”

Despite these developments, significant gaps remain in certain areas of cyber risk management. Cleghorn points out that “Much more work is needed on supply chain cyber risk management. Less than 10% of businesses and charities report ongoing improvement work in this area. This is a major gap.” He further emphasizes the importance of robust cybersecurity for AI systems, stating that “Work on AI systems cybersecurity is also lagging, across the board. This should rise as businesses move from AI as innovation-add-on to AI as core business enabler.”

The findings from this survey underscore the urgent need for increased vigilance and proactive measures to enhance cybersecurity awareness and response planning across all organisations in the UK.