The government’s annual cyber security report reveals UK businesses are still struggling with the impact of attacks and breaches.In the digital age, the threat of cyber security breaches looms large over organisations across the globe. In the United Kingdom, this threat is not only pervasive but also significant. A staggering 43% of businesses, 28% of charities, and 69% of large firms have fallen prey to either a data breach or cyber attack in the past year. Furthermore, nearly a third of respondents reported experiencing such incidents on a weekly basis. These alarming statistics are part of the UK government’s latest Cyber Security Breaches Survey for 2025-26.
The past year has been marked by a series of high-profile cyber incidents targeting renowned companies such as Marks & Spencer, Co-op Group, and Jaguar Land Rover. This period has also seen a surge in concerns over the impact of offensive artificial intelligence (AI), a topic that prompted a warning from government ministers earlier in April.
Liz Lloyd, the UK’s cyber security minister, emphasised the gravity of these figures, stating, “These figures are a stark reminder of the importance of having robust cyber security measures. All business leaders should be gripping this issue and taking action now, especially as AI is making the threat more acute. Quite simply, firms cannot afford not to take these steps.”
In a bid to bolster the nation’s cyber resilience, Lloyd has penned letters to the CEOs and chairs of over 180 of Britain’s largest businesses. The objective is to encourage as many organisations as possible to commit to the government’s Cyber Resilience Pledge. This initiative, announced at the National Cyber Security Centre’s (NCSC’s) annual CyberUK conference in April, is set to launch later in the year.
Organisations that sign up to the Cyber Resilience Pledge are required to undertake three decisive actions to enhance their security. These include making cyber security a board-level responsibility, subscribing to the NCSC’s Early Warning service, and obtaining the NCSC’s Cyber Essentials certifications across their supply chains. Lloyd believes that these measures will significantly strengthen businesses’ defences, safeguarding not only the organisations themselves but also their customers and the wider economy.
Despite the grim headline statistics, a closer look at the data reveals some encouraging trends. The percentage of businesses affected by cyber incidents has remained roughly consistent with the previous year and has actually decreased from a peak of 50% in 2023-24. Ransomware attacks against businesses also appear to be on the decline, with only 1% of respondents reporting such incidents, down from 3% a year ago.
Phishing attacks, while still prevalent, have also seen a decrease. This year, 38% of businesses reported being targeted by phishing attacks, a significant drop from 42% two years ago. Impersonation breaches or attacks have also seen a decline, affecting 12% of businesses in 2025-26, down from 17% in 2023-24. Charities, which are accounted for separately in the report, have also experienced significant drops in impersonation attacks or breaches.
In conclusion, while the cyber security threat to UK organisations remains widespread and significant, there are signs of improvement. The government’s efforts to encourage businesses to take proactive steps towards enhancing their cyber security, coupled with a decrease in certain types of attacks, offer a glimmer of hope in an otherwise challenging landscape. However, the battle against cyber threats is far from over, and it is crucial for businesses to remain vigilant and proactive in their cyber security efforts.
