Welcome to Equilibrium Security’s take on the just-released Government UK Cyber Breaches Survey 2025!
If you’re leading on Cyber Security in your organisation, you know how quickly the threat landscape shifts. The 2025 Cyber Breaches Survey gives you a clear picture of how organisations across the UK are responding, and what they’re doing to stay resilient.
We’re here to break it all down for you — picking out the insights that matter most, so you can focus on what’s next for your Cyber Security strategy.
First things first: What is the UK Cyber Breaches Survey 2025?
The Cyber Security Breaches Survey is an annual study that feeds directly into the UK’s National Cyber Strategy. Its mission? To gather insights on how UK businesses, charities, and educational institutions are handling Cyber Security risks, incidents, and best practices.
This year’s report shines a light on awareness, attitudes, and actions across all sectors — helping the government and organisations like yours strengthen the UK’s cyber resilience.
Cyber Breach Reporting and Attacks: The Current Picture
In the past 12 months, 43% of businesses and 30% of charities reported experiencing a Cyber Security breach or attack. That’s still a significant number — but there’s actually been a slight improvement since 2024, when half of all businesses (50%) said they’d been hit.
What’s behind the drop?
Mainly, it’s micro and small businesses who have seen fewer incidents this year. Stronger defences, better awareness, and perhaps some well-timed cyber hygiene upgrades seem to be paying off.
But it’s not all plain sailing. Medium and large businesses are still feeling the heat, with 67% of medium businesses and 74% of large businesses reporting breaches or attacks. In other words, the bigger the organisation, the bigger the target.
So while it’s great to see some positive momentum, it’s clear that cyber threats aren’t going anywhere. Staying proactive — not just reactive — remains absolutely key.
Phishing Attacks: Still the Biggest Threat
You’re probably no stranger to phishing attacks — and the latest figures show they’re still topping the charts.
Among organisations that experienced hacking, a huge 85% of businesses and 86% of charities said phishing was to blame. No surprise, then, that phishing remains the most disruptive type of breach.
Counting the Cost of Cyber Attacks
The average self-reported cost of a cyber breach for businesses in the past year was £1,600. If we exclude those who said it cost them nothing, the figure jumps to £3,550.
For charities, the average was even higher — coming in at £3,240 (or £8,690 when £0 responses are taken out).
- But here’s the thing: these are self-reported costs. In reality, the true financial impact could be far greater when you factor in hidden costs like lost productivity, reputational damage, and the time spent fixing problems behind the scenes.
Cyber Hygiene: A Mixed Bag of Progress
It’s not all doom and gloom out there — far from it.
Small businesses, in particular, have stepped up their game.
Over the past year, more are ticking off the cyber basics:
- 48% are now carrying out cyber risk assessments (up from 41%).
- 62% have taken out cyber insurance (up from 49%).
- 59% have formal Cyber Security policies in place (up from 51%).
- 53% have business continuity plans that cover cyber risks (up from 44%).
That’s real progress — and it shows that smaller organisations are starting to treat Cyber Security as an essential part of doing business, not just a nice-to-have.
But it’s not good news across the board. High-income charities, for example, seem to be losing ground.
Fewer are identifying cyber risks — with figures dropping to 75% from 86%.
There’s also been a noticeable dip in how many are reviewing supplier risks and putting formal strategies in place.
Cyber Security Controls: Solid Foundations, Room to Grow
Most organisations now have the basics in place — from malware protection and password policies to firewalls and secure cloud backups. That’s a great starting point.
However, more advanced protections are less common. Only 40% of businesses currently use two-factor authentication, and fewer have introduced VPNs or user monitoring.
Building on those strong foundations with a few extra measures could make everyday security even stronger.
Board Engagement and Governance
Cyber Security is still firmly on the agenda, with 72% of businesses and 68% of charities saying it’s a top priority. This is reassuring.
However, fewer businesses now have a board member specifically responsible for Cyber Security (27%, compared to 38% back in 2021). It’s a reminder that leadership focus is crucial, not just in words but in action.
On a brighter note: larger organisations are leading the way: 92% of medium businesses and 96% of large businesses say Cyber Security is a clear priority at board level.
Incident Response: Are Organisations Ready?
When something goes wrong, most organisations act fast. 76% of businesses and 80% of charities say they report cyber breaches to their senior management teams.
Formal incident response plans are much more common in larger businesses and sectors like health, finance, and communications, where the risks (and the stakes) are naturally higher.
- The good news? Small businesses are stepping up. Compared to 2024, more have introduced internal reporting guidance and external communications plans, showing that even smaller teams are taking incident response more seriously.
Cyber Crime and Fraud: The Bigger Picture
Cyber crime continues to be a real threat across the UK. In the past year, 20% of businesses and 14% of charities fell victim to at least one cyber crime.
Unsurprisingly, the bigger the organisation (or the bigger the budget), the bigger the target. Victim rates steadily rise with organisation size and income — a reminder that cyber criminals often go where the opportunities look most lucrative.
One stat worth noting: ransomware cases have doubled. In 2025, 1% of businesses — around 19,000 organisations — experienced a ransomware incident, up from less than 0.5% the year before.
The threat landscape might be evolving, but so too is the way businesses are responding — staying alert, adaptable, and ready.
The Cost of Cyber Crime
When it comes to cyber crime, the price tag can add up fast.
The average cost per business (excluding phishing-related incidents) was around £990 — and if you take out those who reported no cost at all, it jumps to £1,970.
Looking at the bigger picture, it’s estimated that UK businesses experienced a staggering 8.58 million cyber crimes in the past year alone.
Cyber Fraud Statistics: The Hidden Sting
The Cyber Breaches Survey revealed 3% of businesses and 1% of charities experienced fraud after a cyber data breach, leading to an estimated 72,000 fraud events across UK businesses last year.
And when cyber fraud hits, it hits harder than general cyber crime.
The latest cyber fraud reporting reveals:
- The average cost per business was £5,900 (including £0 responses).
- Excluding those who reported no financial loss, the average shoots up to £10,000.
It’s a clear reminder: sometimes the real damage comes after the breach.
Is Your Cyber Security Strategy Ready for Today’s Threats?
The 2025 Cyber Breaches Survey gives us a clear picture:
Progress is happening — especially among smaller businesses, who are strengthening their cyber hygiene and incident response.
But let’s not get too comfortable. Phishing, ransomware, and cyber-facilitated fraud are still major threats, and the cost of falling victim is only getting steeper.
The takeaway is clear: building cyber resilience isn’t a one-off tick-box exercise. It’s an ongoing journey. Organisations need to keep investing in the basics — solid cyber hygiene, staff training, strong incident plans, and supplier security checks.
If you’re not sure where to start — or you simply want a second opinion from a team that lives and breathes Cyber Security — we’re here to help. Call our security experts on 0121 663 0055 or email enquiries@equilibrium-security.co.uk
Let’s work together to make sure your Cyber Security is exactly where it needs to be.
Ready to achieve your security goals? We’re at your service.
expertise to help you shape and deliver your security strategy.
About the author
