The percentage of companies in the UK reporting cyber attacks and information breaches has actually dropped from 50% to 43% in the last year. A government study has associated this to the “observed fortifying of cyber health amongst small businesses.”
The frequency of cyber criminal offense general amongst UK businesses and charities of all sizes has actually stayed constant year-over-year, according to a current government study. Phishing also remained the most common type of cyber criminal offense, attack, or breach amongst organisations in the UK. Just 680,000 of the 8.58 million cyber criminal offenses experienced by companies were not categorised as phishing. Nonetheless, ransomware attacks in the UK have doubled from 0.5% of companies experiencing them in 2024 to 1% in 2025.
The outcomes were published in the cyber breaches study by the Department for Science, Innovation and Innovation and Office. Its findings were based on responses from 180 businesses and 1,081 charities between August and December 2024.
UK’s cyber criminal offense stats by business size
While the occurrence of cyber incidents amongst medium and big services has actually remained reasonably consistent at around 67% and 74% respectively, the variety of phishing attacks among micro and small businesses has actually decreased significantly.
In 2024, 49% of small companies and 40% of micro-businesses reported phishing attacks, however these figures dropped to 42% and 35% in 2025. The research study found that they are significantly embracing cyber security danger assessments, cyber insurance coverage, cyber security policies, and company connection plans.
Federal government data also showed that the bigger the organisation, the most likely they are to experience cyber criminal activity, which makes up a subset of all breaches and attacks. Naturally. aggressors are trying to find a big payday, and they are less likely to get one from smaller sized firms with limited assets or lower-data worth.
SEE: UK Announces ‘World-First’ Cyber Code of Practice
Cyber budgets now pitched to boards with less internal specialists
The federal government study made an interesting observation when it came to who takes duty for cyber security in UK organisations. Only 27% have a cyber specialist on their board of directors, marking a substantial decline considering that 2021 when that very same figure was 38%.
This means that numerous technical groups must now provide to non-specialists on the board to ask for more cyber investment. An IT and Digital Services Manager at an unnamed charity stated in an interview as part of the research study that their board is “very involved” and does not provide “full autonomy.”
“We need to have a consistent dialogue about what we’re doing, this is why we’re doing it,” they said. A cyber designer likewise said that “nothing gets approval” at their medium-sized business without very first making a pitch to the board, outlining the precise use case and its organization effect.
