The Department for Science, Innovation & Technology and the Home Office released the Cyber Security Breaches Survey 2025. They gathered responses between August and December 2024 from businesses and charities of different sizes. Their questionnaire covered phishing events, malicious software, and other unwanted digital activities.
Results show that 43% of private enterprises and 30% of charitable bodies had one or more breaches or attacks over the past 12 months. The business figure is lower than the 50% recorded for private enterprises the previous year. Officials traced the drop to fewer small and micro operations flagging phishing attempts, while medium and large ones showed limited change.
Organisations taking part in the interviews cited multiple factors for changes in reporting, including stronger guidance on scam awareness and greater caution when opening emails. Staff training is said to have been introduced to block potential intrusions at an earlier stage, which might have helped to keep unwanted incidents away.
The report also calculates the average financial losses for the worst breach. That cost, based on surveys, is around £1,600 for each business and £3,240 for charities. Analysts at DSIT and the Home Office note that overall expense can climb higher once extra staffing and outside technical help are taken into account.
How Are Different Groups Affected?
DSIT organises charities according to annual income. Incident rates are around 24% for low-income charities, 42% for mid-level ones, and 64% for high-income ones. A similar pattern can be seen for businesses, with higher revenues matching higher incident rates.
In interviews, staff from smaller companies say that budget limits hamper training and software updates. Meanwhile, large corporations often fund dedicated security teams that run penetration tests and invest in detection tools. That divide in resources can shape outcomes.
Medium operations confirm frequent phishing messages, as well as sporadic ransomware attempts. A fraction admit paying ransoms, though law enforcement advises against that. Health and social care organisations record heightened vigilance because patient data must stay protected.
Micro businesses report less sophisticated attacks, but staff sometimes lack the technical knowledge to apply consistent safety measures. Many depend on outside IT firms for basic support. According to the survey, these external contracts help block plenty of threats early.
Could Phishing And New Laws Change The Story?
Phishing stays the top culprit in reported breaches, hitting 85% of affected firms and 86% of charities. Attackers send fraudulent emails or direct users to cloned login pages. This tactic leads to credential theft or malware installs.
Training is reported as a strong preventive measure, with staff spotting odd phrasing, suspicious links, or from-address mismatches. However, artificial voice systems and deepfake images can trick recipients, creating confusion and draining time.
DSIT data shows a smaller breach might run under £1,000, but extensive intrusions climb far higher. Extra staffing or outside consultants add to the bill. Meanwhile, charities with tight budgets mention painful trade-offs.
Another theme of the survey involves the planned Cyber Security and Resilience Bill, which intends to tighten obligations. Campaigners state the Computer Misuse Act from 1990 needs an overhaul, since it predates cloud tech. They propose clearing a path for ethical testing.
DSIT continues to advise routine staff training, data backups, password rules, and malware protection. Officials confirm around 612,000 UK businesses and 61,000 charities faced a cyber intrusion in the last year.