Despite a slight drop in reported cyber breaches among UK businesses (43% in 2025 vs. 50% in 2024), the threat landscape remains highly active and increasingly sophisticated. Over 612,000 businesses and 61,000 charities experienced a cyber breach or attack in the past year, with phishing continuing to dominate as the most common and disruptive threat.

The Cyber Security Breaches Survey 2025 was commissioned by the Department for Science, Innovation and Technology (DSIT) and the Home Office, and provides a detailed overview of changes in cyber security for UK businesses and charities.
Trends in breaches
- Phishing attacks affected 85% of breached businesses
- AI-driven impersonation is on the rise, complicating detection and response
- Ransomware incidents have doubled, now impacting 1% of all UK businesses
- Medium and large businesses remain prime targets, with breach rates at 67% and 74% respectively
The cost risks
- The average cost of the most disruptive breach was:
  - £1,600 for businesses
  - £3,240 for charities
- Excluding £0 responses, costs rise to £3,500 and £8,690 respectively
- Cyber-facilitated fraud costs businesses an average of £5,900
Cyber hygiene and risk management
- Small businesses are improving their cyber approach: more are adopting cyber insurance, formal policies and continuity plans. This emphasises the demand to partner with a cyber security specialist to provide a professional plan for your business.
- High-income charities, however, are slipping in key areas like risk assessments and supplier reviews.
- Only 14% of businesses and 9% of charities review cyber risks from immediate suppliers. Let us manage your third-party providers to ensure you don’t fall victim to a breach.
Incident response and training
- Internal reporting is strong (76% of businesses) but external reporting remains low (32%). Under the UK GDPR and Data Protection Act 2018, organisations must report certain types of personal data breaches to the Information Commissioner’s Office (ICO) within 72 hours. Failure to do so can result in:
  - Fines of up to £17.5 million or 4% of annual global turnover, whichever is higher.
  - Enforcement actions, including audits and mandatory corrective measures.
Cyber crime snapshot
- 283,000 businesses and 29,000 registered charities have been the victim of at least one cyber crime in the last 12 months.
- Businesses experienced an average of 30 cyber crimes in the past year.
- An estimated 8.58 million cyber crimes hit UK businesses in 2025.
Your next steps
Anyone who wants to keep their accounts from being breached must adopt a trusted and secure framework to stop their organisation falling victim to a cyber breach. With phishing, ransomware and AI-driven attacks on the rise, 24/7 managed detection and response (MDR) is no longer a luxury: it’s a necessity.