These attacks have come hot on the heels of the Department for Science, Innovation and Technology’s annual UK Cyber Security Breaches Survey 2025. According to the findings, 43% of businesses and 30% of charities reported experiencing a cybersecurity breach or attack in the past 12 months. While these figures show a slight decline from the previous year (50% of businesses and 32% of charities), this marginal improvement is largely attributed to fewer small and micro businesses identifying attacks. The prevalence of cyber incidents among medium and large businesses, as well as high-income charities, remains as high as in 2024.
What is surprising is that the survey revealed all types of educational institutions — Primary (44%), Secondary (60%), Colleges (85%), and Universities (91%) — were more likely to experience a breach or attack than businesses and charities overall.
Evidently, all organisations, be they from the private, public or charity sectors in the UK, still face a persistent risk from rapidly evolving cyber threats and must continue to strengthen their resilience.
Phishing attacks remain the most prevalent cyber threat in 2024, by a wide margin. Among organisations that experienced an incident, 85% of businesses and 86% of charities identified phishing as the root cause. Phishing was also the top threat to educational institutions. Other social engineering tactics, such as impersonation, were the second most common attack across the board. Respondents also reported phishing as the most disruptive type of attack, largely due to the sheer volume of attempts, which resulted in significant time spent reporting and investigating incidents.
With the assistance of Artificial Intelligence (AI), it is no surprise that phishing remains the most persistent cyber attack. AI can assist cyber criminals in generating convincing phishing emails, texts, and phone calls that make the deception harder to notice and increase recipients' susceptibility.
Ransomware attacks still affect a smaller percentage of businesses overall. Nevertheless, their impact can be catastrophic. Large businesses were disproportionately affected, with 14% reporting incidents, compared to 6% of businesses overall.
Despite being far less common than phishing, ransomware poses a greater threat to operational viability, often bringing operations to a standstill or disrupting business for months. For instance, the recent suspected ransomware attack on Marks & Spencer (M&S) in April is estimated to have cost the company around £300 million, with disruption to its online services expected to continue until July.
Most UK organisations recognise the importance of strengthening their cyber resilience, with 72% of businesses and 68% of charities reporting that cybersecurity is a high priority.
Encouragingly, cyber hygiene measures have improved over the past year, particularly among small businesses, with notable progress in areas such as risk assessments, cyber insurance, and formal policies. In addition, most large and medium-sized businesses have a formal cybersecurity strategy in place.
The majority of organisations, regardless of size, have a range of basic technical measures implemented, including malware protection, password policies, network firewalls, data back-ups, and access controls. Furthermore, in terms of educational institutions, all types were more likely than businesses overall to have technical controls covered under Cyber Essentials in place.
However, despite these positive developments, significant gaps remain.
One concerning trend consistent with previous years is that businesses in the retail and wholesale sectors are significantly less likely to prioritise cybersecurity, with 44% considering it a low priority compared with 27% of businesses overall. It is therefore perhaps unsurprising that three major UK retailers have recently suffered severe cyber attacks. Another concern is the decline in the proportion of high-income charities that have a cybersecurity strategy, which has dropped from 47% in 2024 to just 39% this year.
Implementation of more advanced technical controls also lags, with the use of Two-Factor Authentication, Virtual Private Networks, and user monitoring remaining low. The lack of investment in cyber awareness among staff is a further concern: only 19% of businesses and 21% of charities have provided cyber security training in the past year. Regular staff training is essential for keeping pace with evolving threats, fostering a security culture, and improving incident response, all of which contribute to an organisation’s overall security posture.
Supply chain vulnerabilities are another overlooked area. Just 14% of businesses and 9% of charities review the cybersecurity practices of their immediate suppliers, and even fewer evaluate their wider supply chains. The recent cyber breach at M&S, which originated from one of their third-party suppliers, highlights how vulnerabilities within the supply chain can have cascading effects on an organisation.
Perhaps most troubling is the decline in cyber security governance at the board level. Only 27% of UK businesses now have a board member responsible for cyber security, down from 38% in 2021. Boards play a critical role in shaping organisational priorities and allocating resources, and this drop signals a worrying trend of complacency at the highest levels of leadership. At a time when cyber threats continue to evolve and intensify, strong board-level oversight and a holistic organisational approach are more essential than ever.
In tandem with the recent prevalence of cyber attacks, this latest cyber security breaches survey highlights the persistence of cyber threats and the areas of cybersecurity that UK organisations need to strengthen to better protect themselves from attacks and respond more effectively.
Given the increasing frequency and sophistication of cyber threats highlighted by this year's survey, strengthening your organisation's cyber resilience is more important than ever. Our Forensic Services team can help identify vulnerabilities, mitigate risks, and improve your defences to ensure better protection against future attacks.