The proportion of companies within the UK reporting cyber assaults and information breaches has dropped from 50% to 43% within the final yr. A authorities examine has attributed this to the “noticed strengthening of cyber hygiene amongst small companies.”
The prevalence of cyber crime general amongst UK companies and charities of all sizes has remained constant year-over-year, in line with a current authorities examine. Phishing additionally remained the most typical sort of cyber crime, assault, or breach amongst organisations within the UK. Solely 680,000 of the 8.58 million cyber crimes skilled by companies weren’t categorised as phishing. However, ransomware assaults within the UK have doubled from 0.5% of companies experiencing them in 2024 to 1% in 2025.
The outcomes had been printed within the cyber breaches survey by the Division for Science, Innovation and Expertise and Residence Workplace. Its findings had been based mostly on responses from 180 companies and 1,081 charities between August and December 2024.
UK’s cyber crime stats by firm dimension
Whereas the prevalence of cyber incidents amongst medium and enormous companies has remained comparatively constant at round 67% and 74% respectively, the variety of phishing assaults amongst micro and small companies has declined markedly.
In 2024, 49% of small companies and 40% of micro-businesses reported phishing assaults, however these figures dropped to 42% and 35% in 2025. The examine discovered that they’re more and more adopting cyber safety threat assessments, cyber insurance coverage, cyber safety insurance policies, and enterprise continuity plans.
Authorities information additionally confirmed that the bigger the organisation, the extra doubtless they’re to expertise cyber crime, which constitutes a subset of all breaches and assaults. Naturally. attackers are on the lookout for a giant payday, and they’re much less prone to get one from smaller corporations with restricted belongings or lower-data worth.
SEE: UK Publicizes ‘World-First’ Cyber Code of Apply
Cyber budgets now pitched to boards with fewer in-house specialists
The federal government survey made an fascinating remark when it got here to who takes duty for cyber safety in UK organisations. Solely 27% have a cyber specialist on their board of administrators, marking a big decline since 2021 when that very same determine was 38%.
Which means that many technical groups should now current to non-specialists on the board to request extra cyber funding. An IT and Digital Companies Supervisor at an unnamed charity mentioned in an interview as a part of the analysis that their board is “very concerned” and doesn’t give them “full autonomy.”
“We have to have a relentless dialogue about what we’re doing, that is why we’re doing it,” they mentioned. A cyber architect additionally mentioned that “nothing will get approval” at their medium-sized firm with out first making a pitch to the board, outlining the precise use case and its enterprise impression.
