The latest statistics indicate a positive trend in the UK’s battle against cyber threats, as the proportion of businesses reporting cyber attacks and data breaches has decreased from 50% to 43% over the past year. This notable reduction has been attributed by a government study to the “observed strengthening of cyber hygiene among small businesses.” It suggests that these organizations are increasingly aware of best practices in cybersecurity, which ultimately contributes to a more secure digital landscape.

Despite this improvement among small businesses, the overall prevalence of cyber crime across UK businesses and charities of various sizes has remained stable year-over-year, as highlighted by the same government study. Phishing continues to be the dominant form of cyber crime, representing the most common attack or breach faced by organizations. Among the staggering total of 8.58 million cyber crimes reported by businesses, only 680,000 incidents fell outside of the phishing category. In a concerning twist, ransomware attacks in the UK have seen a sharp increase, with the percentage of businesses affected rising from 0.5% in 2024 to 1% in 2025—a worrying trend that underscores the evolving risks in the cyber threat landscape.

The findings were meticulously detailed in the cyber breaches survey conducted by the Department for Science, Innovation and Technology and the Home Office. The comprehensive study gathered insights from 180 businesses and 1,081 charities between the months of August and December 2024, providing a valuable snapshot of the current cyber crime situation within the UK.

UK’s Cyber Crime Statistics by Company Size

While it is encouraging to see a decline in phishing incidents among smaller businesses, the prevalence of cyber incidents among medium and large organizations has remained relatively consistent. Approximately 67% of medium-sized businesses and 74% of large enterprises continue to experience cyber threats. In contrast, the percentage of small businesses and micro-businesses reporting phishing attacks has significantly decreased over the past year. Specifically, the figures dropped from 49% to 42% for small businesses and from 40% to 35% for micro-businesses between 2024 and 2025. This shift indicates that these smaller entities are increasingly adopting essential cybersecurity measures, such as risk assessments, cyber insurance, and comprehensive cyber security policies in tandem with sound business continuity plans.

Additional government data further reveals a striking correlation between the size of an organization and its vulnerability to cyber crime. Larger organizations are statistically more likely to fall victim to cyber attacks, as cyber criminals tend to seek substantial financial rewards and are less inclined to target smaller firms with fewer assets and lower data value.

SEE: UK Announces ‘World-First’ Cyber Code of Practice

Cyber Budgets Now Pitched to Boards with Fewer In-House Experts

One particularly interesting observation from the government survey relates to the governance of cybersecurity within UK organizations. Only 27% of these entities have a cyber specialist represented on their board of directors, showcasing a notable decline from 38% in 2021. This statistic indicates that many technical teams now find themselves needing to present their cybersecurity needs to board members who may not be specialists in the field, complicating the process of securing necessary investments in cyber defenses.

An IT and Digital Services Manager at an unnamed charity emphasized the challenges faced in this environment, stating that their board is “very involved” but does not grant them “full autonomy” in decision-making processes concerning cybersecurity initiatives. The manager commented on the necessity of maintaining a constant dialogue regarding the importance of cybersecurity efforts, saying, “This is why we’re doing it.” Furthermore, a cyber architect from a medium-sized company indicated that “nothing gets approval” without first making a formal pitch to the board, which includes detailing the specific use case and the anticipated impact on the business.

In such a rapidly evolving landscape, organizations can significantly enhance their understanding and management of cybersecurity complexities with tools like AI legalese decoder. This platform can help demystify legal jargon related to cyber regulations, enabling businesses to better comprehend their compliance obligations and take proactive steps to bolster their cyber defenses. By simplifying complex legal language, AI legalese decoder empowers organizations to make informed decisions about their cybersecurity policies and effectively communicate these issues to their boards, thus facilitating necessary investments and improvements in their cybersecurity posture.