KEY TAKEAWAYS
- 43 per cent of UK businesses and 30 per cent of charities reported a cybersecurity breach or attack in the past year, equating to an estimated 612,000 businesses and 61,000 charities.
- Phishing remains the most prevalent attack type, affecting 85 per cent of businesses and 86 per cent of charities that experienced any breach.
- Only 19 per cent of UK businesses provide staff cyber security training, despite human error remaining the primary entry point for attackers.
- The proportion of businesses holding Cyber Essentials certification has risen to 5 per cent overall, with large business adoption jumping from 21 per cent to 35 per cent year-on-year.
More than two in five British businesses suffered a cyber security breach or attack in the past year, the Department for Science, Innovation and Technology confirmed in its Cyber Security Breaches Survey 2025/2026 released on 30 April 2026.
The survey found that 43 per cent of UK businesses, roughly 612,000 firms, reported a breach or attack, alongside 30 per cent of charities.
The figures arrive as the government and private sector face growing pressure from AI-enhanced phishing campaigns and ransomware operations that have doubled in frequency since 2024, per the National Cyber Security Centre.
The rapid adoption of AI coding tools, including Anthropic’s Claude Mythos, has lowered barriers for attackers, reflected in the survey’s findings across the British economy.
What the Survey Found, Sector by Sector
Breaches are unevenly distributed. The UK Government survey shows medium and large businesses are most exposed, with 67 per cent of medium firms and 70 per cent of large firms reporting a breach or attack.
This is broadly in line with 2024/2025 and suggests defences are improving but still not keeping ahead of threats.
Small firms showed a slight decline, with 42 per cent reporting a breach versus 49 per cent last year, while micro businesses fell from 40 per cent to 35 per cent, a shift experts link to improved basic cyber hygiene rather than reduced targeting.
Phishing remains the dominant entry point, cited by 85 per cent of businesses that experienced any breach. This matches recent warnings that AI search results are directing Brits to fake numbers, illustrating how criminals manipulate modern tools to increase the “convincingness” of social engineering attempts.
AI-generated phishing attacks have surged by more than 1,200 per cent year on year, according to Investing.com.
The Gaps That Leave UK Firms Exposed
Despite the high breach rate, the survey reveals significant gaps in fundamental cyber hygiene across British organisations.
As the UK Government’s official figures noted, only 19 per cent of businesses provide staff cyber security training, unchanged from the previous year, despite human error remaining the most common cause of successful breaches.
Just 40 per cent of businesses use two-factor authentication, and only 31 per cent operate a virtual private network for staff connecting remotely. These gaps highlight why the UK’s sovereign AI unit must now prioritise national resilience against automated threats.
Supply chain risk assessment is even more limited: only 14 per cent of businesses review the cyber security risks posed by their immediate suppliers, and fewer than one in ten examine their wider supply chain.
This is a critical vulnerability given that supply chain attacks have emerged as one of the fastest-growing attack vectors in 2025 and 2026.
What Businesses Are Being Asked to Do
As Reuters confirmed, the government is using the survey findings to boost uptake of its Cyber Essentials scheme. This baseline certification covers five core security controls that the NCSC says address around 80 per cent of common attacks.
Adoption has risen, with large business certification increasing from 21 per cent to 35 per cent year on year and small business uptake from 5 per cent to 12 per cent.
This shift aligns with broader tech trends revolutionising UK businesses, where security is becoming a core pillar of digital transformation.
The government is urging all firms to adopt Cyber Essentials as a minimum standard and is expanding requirements in 2026 to include cloud infrastructure and remote working setups.
Organisations affected by a breach are advised to report it to the NCSC and Action Fraud on 0300 123 2040.

