Four in 10 UK businesses hit by cyber attack or breach in the last year

10 April 2025, 14:04

A laptop user with their hood up
Cyber Security and Resilience Bill. Picture: PA

The figures are a slight drop on the previous year.

The number of businesses reporting a cybersecurity breach or attack in the last 12 months has fallen slightly compared with the previous year, according to government figures.

The annual Cyber Security Breaches Survey found that 43% of businesses and 30% of charities had experienced a breach or attack in the last year, which for businesses was down from 50% last year.

The report said the decrease was down to fewer small businesses reporting attacks, but warned that the prevalence of breaches among medium and large businesses remained high.

According to the figures, it was estimated that the average cost of the most disruptive breach for each business in the last 12 months was £1,600 for businesses and £3,240 for charities.

Time and again, we see that businesses and charities are under relentless attack, but those on the front line of our digital defences are working with one hand tied behind their back by outdated legislation

Simon Whittaker, head of cybersecurity at Instil

Cyber attacks on businesses and infrastructure have become increasingly common, and the Government has unveiled plans to introduce new legislation – the Cyber Security and Resilience Bill – designed to compel firms to beef up their cyber defences and better protect the UK from the growing threat.

Last year, the government also announced the designation of UK data centres as critical national infrastructure, meaning that in the event of a major incident, including a cyber attack, they will receive the same level of government support as utilities such as water and energy.

According to the Cyber Security Breaches Survey, the last 12 months have seen an improvement in good cyber hygiene practices among smaller businesses, with the uptake of cybersecurity risk assessments, cyber insurance, formal cybersecurity risk policy and continuity plans all reported as rising.

However, it said the number of high-income charities reporting good practices, such as carrying out risk assessments, had fallen.

The study said insights from charities suggest this could be linked to budget constraints.

The report said a formal cybersecurity strategy was found to be in place at 70% of large businesses, but only 57% of medium-sized firms.

Simon Whittaker, head of cybersecurity at IT firm Instil, said the UK needed updated cybersecurity laws to help better protect businesses from the “relentless” attacks they faced.

Mr Whittaker, who is a supporter of the CyberUp campaign, an industry coalition which is calling on the government to update existing cyber laws, said: “Today’s results paint a stark picture of the cyber threats facing UK organisations.

“Time and again, we see that businesses and charities are under relentless attack, but those on the front line of our digital defences are working with one hand tied behind their back by outdated legislation.

“The Computer Misuse Act 1990, drafted in a different era, is no longer fit for purpose.

“It risks criminalising the very professionals we rely on to detect, defend against and prevent these attacks.

“While other countries have moved with the times to empower their cybersecurity sectors, the UK is still relying on legislation written before smartphones, cloud computing or even the modern internet.

“The Government has rightly prioritised cybersecurity with the first dedicated cyber Bill and a wider focus on technology adoption and the digital economy.

“However, these efforts risk being undermined by legal constraints on our cyber defenders if our laws do not catch up with the reality of today’s threats.

“We urgently need a modern legal framework that protects the public and enables cybersecurity professionals to do their jobs.”

Cyber security minister Feryal Clark said: “These figures show why we’ve put such a focus on making sure the UK has robust cyber security defences in place.

“Cyber attacks are disrupting our citizens, businesses and economy, and this year’s survey puts the risks we face into sharp focus. While we are making progress, there’s still more to do, and we all have a role to play.

“That’s why in the last 10 days we’ve set out our plans for cyber security legislation and launched a suite of packages to support businesses in shoring up their defences – working to protect the public and the economic growth which is central to our Plan for Change.”

By Press Association

More Technology News

See more More Technology News

People ride an upward escalator next to the Dior store at the Icon Siam shopping mall on June 12, 2024 in Bangkok, Thailand.

Luxury fashion giant Dior latest high-profile retailer to be hit by cyber attack as customer data accessed

A plane spotter with binoculars from behind watching a British Airways plane landing

‘Flying taxis’ could appear in UK skies as early as 2028, minister says

Apple App Store

Take on Apple and Google to boost UK economy, think tank says

A survey of more than 1,000 employers found that around one in eight thought AI would give them a competitive edge and would lead to fewer staff.

One in three employers believe AI will boost productivity, research finds

Hands on a laptop showing an AI search

One in three employers believe AI will boost productivity, research finds

Music creators and politicians take part in a protest calling on the Government to ditch plans to allow AI tech firms to steal their work without payment or permission opposite the Houses of Parliament in London.

Creatives face a 'kind-of apocalyptic moment’ over AI concerns, minister says

Ngamba Island Chimpanzee Sanctuary on Lake Victoria, Uganda

Chimps use medicinal plants to treat each other's wounds and practice 'self-care' as scientists hail fascinating discovery

Close up of a person's hands on the laptop keyboard

Ofcom investigating pornography site over alleged Online Safety Act breaches

The Monzo app on a smartphone

Monzo customers can cancel bank transfers if they quickly spot an error

Co-op sign

Co-op to re-stock empty shelves as it recovers from major hack

The study said that it was often too easy for adult strangers to pick out girls online and send them unsolicited messages.

Social media platforms are failing to protect women and girls from harm, new research reveals

Peter Kyle leaves 10 Downing Street, London

Government-built AI tool used to cut admin work for human staff

In its last reported annual headcount in June 2024, Microsoft employed 228,000 full-time workers

Microsoft axes 6,000 jobs despite strong profits in recent quarters

Airbnb logo

Airbnb unveils revamp as it expands ‘beyond stays’ to challenge hotel sector

A car key on top of a Certificate of Motor Insurance and Policy Schedule

Drivers losing thousands to ghost broker scams – the red flags to watch out for

Marks and Spencer cyber attack

M&S customers urged to ‘stay vigilant’ for fraud after data breach confirmed