A recent report published by the UK Department for Science, Innovation, and Technology (DSIT) and the Home Office reveals that cyber breaches and attacks remain a significant concern for UK businesses and charities. According to the Cyber Security Breaches Survey 2025, 43% of businesses and 30% of charities experienced a cyber breach or attack in the past year.
Although there has been a slight decline from the previous year, the statistics underscore the ongoing cybersecurity challenges faced by organizations in the UK. The report highlights phishing as the top threat, with 85% of affected businesses and 86% of charities attributing attacks to this method. These phishing scams often target individuals through email, using social engineering tactics to steal personal and financial data.
Cybersecurity experts, such as Matt Cooke, a cybersecurity strategist at Proofpoint, emphasize the prevalence of phishing attacks and the role of social engineering in cybercrime. Cybercriminals continue to exploit human vulnerabilities through phishing emails, manipulating individuals for financial gain.
Moreover, the report warns of the growing use of artificial intelligence by cybercriminals to enhance the scale and believability of their attacks. AI tools enable the creation of realistic phishing emails, fake images, and simulated phone calls, making it harder for individuals to identify and defend against these threats. This technological advancement allows attackers to operate more efficiently and on a larger scale, posing a greater risk to organizations.
Another concerning trend highlighted in the report is the decline in executive oversight of cybersecurity within organizations. Fewer senior executives are taking responsibility for cybersecurity strategy, leaving gaps in the organizational response to sophisticated attacks. This lack of leadership at the board level can have significant financial consequences, with the average cost of a cyber breach estimated at £1600 per business and £3240 per charity.
The report also sheds light on the urgent need for legal reform in addressing cyber threats. Simon Whittaker, a representative of the CyberUp Campaign, stresses the outdated nature of the Computer Misuse Act 1990 and calls for modern legislation to support cybersecurity professionals in detecting, defending against, and preventing attacks.
While the survey indicates that the level of organizations seeking external cybersecurity guidance has remained consistent, there has been a decrease in large businesses seeking such support. This downward trend raises concerns about the readiness of organizations to confront evolving cyber threats effectively.
In response to the growing cybersecurity challenges, the UK government has taken steps to strengthen national cyber-defense strategies. Updates to the Cyber Security and Resilience Bill and consultations on ransomware demonstrate a commitment to enhancing cybersecurity measures. However, experts caution that without modern legal support and increased executive accountability, the UK’s digital infrastructure remains vulnerable to cyber attacks.
Overall, the Cyber Security Breaches Survey 2025 highlights the persistent threat of cyber breaches and attacks, emphasizing the need for proactive measures to safeguard businesses and charities against evolving cyber threats. As technology continues to advance, organizations must prioritize cybersecurity as a critical aspect of their operations to mitigate risks and protect sensitive data.