Four in 10 UK businesses experienced a cyber breach in the last year

Four in 10 (43%) of UK businesses and 30% of charities have experienced a cyber attack or data breach in the last 12 months, according to the latest ‘Cyber Security Breaches Survey’ released by the UK government. While this marks a slight decrease from last year’s 50%, the threat level for medium and large businesses remains concerningly high.

The average cost of the most disruptive breach was estimated at £1,600 for businesses and £3,240 for charities.

The drop in incidents is attributed mainly to fewer small businesses reporting breaches – but government officials are warning against complacency. With cyber threats increasingly targeting critical infrastructure, the government is introducing the Cyber Security and Resilience Bill, compelling organisations to strengthen their digital defences.

The survey found that 70% of large businesses now have a formal cyber strategy in place, compared with just 57% of medium-sized firms – exposing a potential gap in preparation among mid-sized enterprises.

There has been a significant improvement in cyber hygiene practices among smaller businesses, with rising adoption of risk assessments, cyber insurance, formal cybersecurity policies, and continuity planning.

These steps are seen as essential in building digital resilience across the UK economy.

However, the number of high-income charities implementing best practices such as risk assessments has declined. Insights suggest this may be linked to budgetary pressures, limiting their ability to invest in adequate cybersecurity measures.

“Keeping banking systems online is becoming more challenging, and technology alone isn’t enough. Skilled IT teams are crucial for spotting risks early and responding quickly to prevent disruptions,” said Sawan Joshi, Group Director of Information Security, FDM Group. “Organisations need to invest in ongoing training so their staff can strengthen system defences and recover fast when issues arise. A mix of advanced monitoring, backup systems, and a well-trained workforce is key to keeping services running and maintaining customer trust.”

The government has also confirmed that UK data centres are now officially designated as critical national infrastructure. This means they will receive the same priority in the event of a major incident—such as a cyber attack—as essential services like water and energy.
