UK cyber security breaches survey – key insights for businesses
Blog|29 May 2026
Cyber security rarely makes headlines unless something has gone badly wrong. But each year, the UK Government’s Cyber Security Breaches Survey offers a far more useful view – an honest snapshot of how organisations are really coping with cyber risk, day to day.
The latest findings reinforce a message we see consistently when working with partners and clients across the UK – cyber threats are no longer abstract or confined to enterprise businesses, and resilience is no longer optional.
So what should businesses take away from the survey – and more importantly, what should they do next?
Cyber incidents are now a business reality
The survey found that just over four in ten businesses (43%) and around three in ten charities (28%) reported having experienced any kind of security breach or attack within the last 12 months. This is approximately 612,000 UK businesses and 57,000 UK charities.
Plus, phishing attacks remained the most common type of breach or attack by far (experienced by 38% of businesses and 25% of charities).
One of the clearest messages from the survey is that cyber incidents are not confined to large enterprises or highly regulated sectors. Organisations of all sizes continue to experience breaches or attacks – from phishing emails and credential compromise to more disruptive incidents.
This matters because many organisations still view cyber security as an IT problem, rather than a business one. In reality, the impact of an incident often extends far beyond systems – affecting productivity, customer trust, revenue and reputation.
The takeaway: cyber risk should be treated with the same seriousness as financial or operational risk – owned at board level, not buried in technical teams.
Preparedness remains inconsistent
The government’s report found that there’s an inconsistency in how prepared businesses and charities are. For example, most of them have:
- implemented basic technical controls, such as updated malware protection (81% businesses and 63% charities).
- backed up their data securely via a cloud service (74% businesses and 57% charities).
- put password policies in place (74% businesses and 56% charities).
- deployed network firewalls (74% businesses and 45% charities).
- enforced restricted admin rights (73% businesses and 65% charities).
However, adoption of more advanced controls remains a lot lower. For instance, fewer have:
- enabled two-factor authentication (47% businesses and 38% charities).
- implemented a virtual private network for staff connecting remotely (36% businesses and 17% charities).
- introduced user monitoring (30% businesses and 31% charities).
Considering some frameworks and security regulations require multifactor authentication, backup and password policies, it’s alarming that some of the figures aren’t higher.
While awareness of cyber threats has improved, the survey highlights that preparedness varies widely. Some organisations have clear incident response plans, regular backups and defined responsibilities. Others rely on informal processes, outdated controls or assumptions that “it won’t happen to us”.
This gap between awareness and action is where many breaches become costly. Without tested plans, even relatively small incidents can escalate quickly – leading to longer downtime and greater disruption.
The takeaway: resilience is built before an incident happens. Clear policies, tested recovery processes and visibility across your environment make the difference when pressure is on.
Supply chains continue to be a weak point
Another recurring theme is the role of third parties and suppliers. As organisations increasingly rely on cloud services, MSPs and SaaS platforms, their security posture is only as strong as the wider ecosystem around them.
Yet many businesses still lack visibility into supplier risk or clear processes for assessing it. The report found that just over one in ten businesses said they reviewed the risks posed by their immediate suppliers (15%) and under one in ten were looking at their wider supply chain (6%). This creates exposure that sits outside traditional perimeter controls – and is often overlooked until something goes wrong.
The takeaway: cyber security doesn’t stop at your own firewall. Understanding and managing supplier risk is now a core part of protecting your organisation. Check out our supply chain security blog.
Skills and confidence gaps persist
The survey also reflects ongoing challenges around cyber skills and confidence. Many organisations struggle to keep up with the pace of change, new threat vectors and evolving best practice – particularly where security is not a dedicated in-house function.
This isn’t a failure – it’s a reality of modern IT. The challenge is recognising where internal capability ends, and where external expertise can add value.
The takeaway: strong security outcomes don’t require doing everything yourself – they require knowing where to get the right support. Talk to us about MDR, managed Microsoft 365 backup, pen testing and other security services we offer.
Turning insight into action
Read the full report to see which statistics have increased and decreased over the last few years.
Surveys don’t prevent breaches – but what you do with the insight can.
For UK businesses, the message is clear:
- Cyber incidents are likely, not hypothetical
- Preparation and recovery matter as much as prevention
- Visibility – across systems, data and suppliers – is critical
We help turn these principles into practical action – from strengthening cloud resilience and backup strategies, to supporting security frameworks that scale with the business.
Because cyber security isn’t about fear – it’s about confidence. Confidence that when something happens, your organisation can respond, recover and keep moving forward.