The percentage of enterprises in the UK that reported incidents of cyber offenses and data breaches decreased from 50% to 43% within the past year. A study conducted by the government has attributed this improvement to the “noteworthy enhancement of digital vigilance among small enterprises.”
The prevalence of cyber crimes across all scales of businesses and charitable organizations in the UK has sustained its stability over the years, as indicated by a recent official report. The most common form of cyber threats remained to be phishing attacks among entities in the UK. The occurrences of cyber offenses, intrusions, or breaches that were not classified as phishing numbered just 680,000 out of the total 8.58 million experienced by enterprises. Nonetheless, ransomware attacks in the UK have seen a twofold surge from 0.5% to 1% of businesses encountering them in 2025.
The details of this study were disclosed in the cyber breaches survey, a collaborative effort by the Department for Science, Innovation and Technology and Home Office. Its conclusions were based on feedback from 180 enterprises and 1,081 charitable entities during the period from August to December 2024.
Statistics on Cyber Offenses in the UK Classified by Business Size
Although the frequency of cyber episodes among medium and large enterprises has shown minor fluctuations at approximately 67% and 74% respectively, the instances of phishing attacks have notably decreased among micro and small enterprises.
In 2024, 49% of small-scale enterprises and 40% of micro-businesses reported being targeted by phishing attacks, figures that reduced to 42% and 35% correspondingly in 2025. The investigation revealed an increasing trend of these entities embracing risk assessments related to cybersecurity, acquiring cybersecurity insurance, implementing cybersecurity protocols, and establishing contingency plans.
Official data also pointed out that the likelihood of encountering cyber crimes rises with the size of an organization, constituting a faction of all breaches and assaults. This is simply because malevolent actors are inclined towards potential lucrative gains, a probability significantly lower when targeting smaller firms with restricted assets or lesser data value.
EXPLORE: UK Introduces ‘Groundbreaking’ Cyber Code of Practice
Presenting Cyber Allocations to Boards with Limited Internal Specialists
The government’s survey unveiled an intriguing insight on the individuals accountable for cybersecurity within UK enterprises. Only 27% of firms have dedicated cybersecurity professionals on their board of directors, marking a considerable drop from the 38% recorded in 2021.
Consequently, many technical teams are now mandated to present proposals for increased cybersecurity investments to board members lacking specialist backgrounds. An IT and Digital Services Manager from an undisclosed charity, featured in the research interview, mentioned that their board is extensively engaged and doesn’t grant them full liberty.
They emphasized the necessity for continuous communication concerning their actions and rationale behind them. An architecture specialist in cybersecurity added that no initiatives are greenlit within their medium-sized enterprise without initially pitching and outlining the specific use case along with its associated business implications to the board.
About Author
