UK Cyber Security Survey 2025

50% of UK businesses and 32% of charities reported experiencing cyber security breaches or attacks in the past 12 months.

Phishing attacks remain the most common threat, accounting for 84% of all cyber security incidents reported by businesses.

The average cost is £15,300 for businesses and £3,230 for charities, with larger organisations facing significantly higher costs.

Only 31% of businesses have a formal cyber security strategy documented, highlighting a significant gap in organisational preparedness.

The finance and insurance sector reports the highest rate at 77%, followed by information and communications at 69%.

Lack of budget and resources is cited by 42% of businesses, followed by lack of expertise (38%) and senior management engagement (29%).

Best practice recommends at least annual training, but only 54% of businesses provide regular security awareness training to employees.

Approximately 88% of data breaches are caused by employee mistakes, emphasising the critical importance of security awareness training.

Ransomware is malicious software that encrypts data and demands payment. It affected 17% of businesses in 2025, with attacks increasing by 13%.

1) Implementing multi-factor authentication (MFA), 2) Regular security updates and patching, 3) Comprehensive staff training and awareness programs.

ISO 27001 is an international standard for information security management systems, providing a framework for protecting sensitive data and managing security risks.

CyberGP offers ISO 27001 audits, security assessments, OSINT evaluations, phishing campaigns, and comprehensive training to strengthen your cyber security posture.