In a recent government study, it was found that the proportion of businesses in the UK reporting cyber attacks and data breaches has decreased from 50% to 43% over the last year. This decline was attributed to the strengthening of cyber hygiene practices among small businesses. Despite this positive trend, the prevalence of cyber crime overall among UK businesses and charities has remained consistent year-over-year.
Phishing attacks continue to be the most common type of cyber crime, with only 680,000 out of 8.58 million cyber crimes not categorized as phishing. However, ransomware attacks have doubled in the UK, with 1% of businesses experiencing them in 2025 compared to 0.5% in 2024. These findings were published in the cyber breaches survey by the Department for Science, Innovation, and Technology and the Home Office, which gathered responses from 180 businesses and 1,081 charities between August and December 2024.
The study also revealed that while the prevalence of cyber incidents among medium and large businesses has remained steady, the number of phishing attacks among micro and small businesses has decreased. In 2024, 49% of small businesses and 40% of micro-businesses reported phishing attacks, but these figures dropped to 42% and 35% in 2025. This decline was attributed to the adoption of cyber security risk assessments, cyber insurance, cyber security policies, and business continuity plans by smaller businesses.
Government data indicated that larger organizations are more likely to experience cyber crime due to the potential for a larger payday for attackers. This has led to an increased focus on cyber security among larger firms with more assets and higher data value.
Interestingly, the government survey highlighted a shift in responsibility for cyber security within UK organizations. Only 27% of companies have a cyber specialist on their board of directors, a significant decrease from 38% in 2021. As a result, technical teams are now required to present to non-specialists on the board to request additional cyber investment. This change has led to greater communication and collaboration between IT teams and board members to ensure that all cyber security decisions are well-informed and have a clear business impact.
Overall, the study emphasizes the importance of ongoing vigilance and investment in cyber security measures for businesses of all sizes in the UK. While progress has been made in strengthening cyber hygiene practices, the evolving landscape of cyber threats necessitates continued efforts to protect sensitive data and assets from malicious attacks.