Over 40% of UK Businesses Faced Cybersecurity Breaches in 2024

A total of 43% of UK businesses and 30% of charities experienced a cyber breach or attack in the past year, according to the newly published Cyber Security Breaches Survey 2025.
The report, published today, was commissioned by the UK Department for Science, Innovation and Technology (DSIT) and the Home Office.
While breach statistics mark a slight decline from 2024, they continue to reflect the significant cybersecurity challenges facing UK organizations.
Phishing remains the top threat, with 85% of affected businesses and 86% of charities identifying it as the cause of attacks. Email remains the primary entry point for these scams, often involving social engineering tactics to steal personal and financial data.
“Phishing continues to plague UK businesses, so it comes as no surprise that this remains the number one threat in this year’s report,” said Matt Cooke, cybersecurity strategist at Proofpoint.
“Cybercriminals target people with social engineering attempts via phishing emails, tricking people into doing what they want, mainly for financial gain.”
Experts also warned that cybercriminals are leveraging artificial intelligence to increase the scale and believability of attacks.
AI tools can help craft realistic phishing emails and fake images, and can even simulate phone calls, making these attacks more challenging for individuals to detect.
This technological edge allows attackers to operate more efficiently and on a larger scale.
Decline in Executive Oversight Raises Concern
Another key concern highlighted in the report is the decline in board-level responsibility for cyber-resilience.
Fewer senior executives are taking ownership of cybersecurity strategy, leaving gaps in organizational response to increasingly sophisticated attacks.
The financial impact is also notable:
- The average cost of a cyber breach is £1600 per business and £3240 per charity
- The most disruptive breaches cost up to £3550 for businesses and £8690 for charities
- The estimated number of cybercrimes against businesses in the last year was 8.58 million
- The estimated number of cybercrimes against charities was 453,000
Calls for Legal Reform Grow Louder
Simon Whittaker, a representative of the CyberUp Campaign, emphasized the urgent need for legal reform.
“Today’s results paint a stark picture,” he said. “The Computer Misuse Act 1990, drafted in a different era, is no longer fit for purpose. It risks criminalizing the very professionals we rely on to detect, defend against and prevent these attacks.”
Although the survey shows a stable level of organizations seeking external cybersecurity guidance – 42% of businesses and 37% of charities – large businesses reported a noticeable drop to 51%, down from 67% in 2024.
The survey follows the recent update to the Cyber Security and Resilience Bill and the government’s closure of its consultation on ransomware, signaling an increased focus on strengthening national cyber-defense strategies.
However, without modern legal support and increased executive accountability, experts have warned the UK’s digital infrastructure remains under pressure.