Each year, the Cyber Security Breaches Survey—commissioned by the Department of Service, Innovation and Technology as part of the UK Government’s National Cyber Security Programme—offers critical insights into the evolving cyber threat landscape.
Cyber Threats in 2025: Key Findings
According to the 2025 Cyber Security Breaches Survey:
- 43% of UK businesses and 30% of charities reported experiencing a cyber breach or attack in the past 12 months.
- Larger businesses were hit harder, with 74% suffering at least one cyber event.
Phishing attacks remain the most common and disruptive method used by cybercriminals. Among affected organisations:
- 85% of businesses and 86% of charities were breached via phishing.
Phishing typically involves fraudulent emails that trick users into clicking on malicious links. These emails are becoming increasingly convincing—especially when attackers have compromised an employee’s legitimate email account.
The Financial Impact of Cyber Breaches
Among organisations that identified a breach, 16% experienced a negative outcome such as:
- Temporary loss of access to files or networks
- Website or online services becoming slow or inaccessible
- Loss of access to third-party services
- Personal data being altered, destroyed, or stolen
Average Cost of the Most Disruptive Breach (Past 12 Months):
- All businesses: £8,260
- Micro & small businesses: £7,960
- Medium & large businesses: £12,560
- Charities: £21,540
Cyber Hygiene: Prevention is Better Than Cure
Implementing strong cyber hygiene practices can reduce the likelihood and impact of cyber attacks. These measures can be:
- Strong Passwords: Use passwords with at least 12 characters including uppercase, lowercase, numbers, and symbols.
- Multifactor Authentication (MFA): Require MFA for critical accounts to add a layer of security.
- Data Backups: Regularly back up essential files on an external drive or secure cloud storage.
- Antivirus & Security Software: Deploy reputable antivirus software to detect and remove threats automatically.
- Employee Training: Educate staff to recognize phishing emails and other cyber threats.
Additional Measures can also be Firewall implementation, Monitoring of user activity and Use of Virtual Private Networks (VPNs).
Protect Your Organisation with Cyber Insurance
Cyber Insurance can play a vital role in helping your organisation recover financially from a cyber attack or breach.
Contact us for a no-obligation quote today. Call us on 01536 303310 or complete our enquiry form and we’ll be in touch as soon as possible.