20 Shocking Cybersecurity Stats You Need to Know in the UK — 2025 Edition

The cybersecurity landscape in the UK has never been more urgent. From skyrocketing costs to evolving AI threats, these 20 stats will shock even the most informed readers.

1. Nearly Half of Businesses Breached

43% of UK businesses reported cybersecurity breaches in the last year—climbing to 70% for medium and 74% for large firms.

2. Millions of Cyber Crimes

UK businesses faced an estimated 8.58 million cyber crimes, with charities affected by roughly 453,000 incidents over the past year.

3. Phishing Still Dominates

A staggering 93% of cyber crimes against businesses and 95% for charities were phishing-based.

4. Ransomware on the Rise

Those affected by ransomware jumped from under 0.5% in 2024 to 1% in 2025, which translates to approximately 19,000 UK businesses.

5. Average Cost of Cyber Crime

Non‑phishing cybercrimes cost businesses around £990 on average, rising to £1,970 when excluding zero-cost responses.

6. Cyber‑Facilitated Fraud Hits Hard

Though only 3% of businesses (and 1% of charities) were victims, cyber-enabled fraud cost those businesses an average of £5,900, and up to £10,000 excluding zero-reports.

7. Repeat Victimisation

Victimised businesses endured an average of 30 cyber crimes per year, with charities receiving around 16, while the median for both was 4.

8. SMEs Face Explosion of Attacks

Small businesses face around 65,000 hack attempts daily, with about 4,500 successful breaches.

9. Sky‑High Economic Toll

Cybercrime costs the UK economy approximately £27 billion annually, with average incident costs for medium businesses at £10,830.

10. Phishing Prevalence in SMEs

84% of SMEs that reported breaches faced phishing attacks, and ransomware incidents surged by 70% compared to prior years.

11. Cyberattack Cadence

On average, UK businesses encounter a cyberattack every 44 seconds—a 5% increase from the previous year.

12. Weighing Heavily on Critical Sectors

The healthcare sector is the most targeted for ransomware, receiving 37% of such attacks globally .

13. Clouds of Vulnerability

81% of organizations faced a cloud-related security incident, and 45% of breaches stemmed from misconfigurations .

14. Supply Chain Risks Amplified

Supply chain attacks spiked by 35%, while 45% of global organisations expected to face such threats by 2025.

15. AI-Driven Threats Soar

AI is fundamentally reshaping risks—attackers are using it for malware and phishing, while defenders deploy AI for detection and response.

16. Business Leaders Held Accountable

A whopping 91% of cybersecurity professionals believe that ultimate security responsibility lies with the board—and 56% say senior management should face penalties for major failures.

17. UK Firms Lag in Resilience

93% of UK companies experienced a critical cyber incident—higher than the global 86%. Yet they’re 21% less likely to have dedicated recovery environments, and 11% less likely to have tested recovery plans.

18. MSPs Keep a Ransom Fund

45% of MSPs admit to holding a ransom kitty to pay demands, with AI threats now their top worry—44% cite AI as their chief concern.

19. Insurance Gap in the Market

About 50% of UK and Irish businesses have no cyber insurance, despite rising ransomware and other threats. Average claims can exceed $115,000 globally—and $812,000 for larger firms.

20. Schools & NHS Under Siege

60% of secondary schools were breached in the past year, with nearly 20% suffering system misuse. NHS systems have also suffered high-impact breaches, forcing procedure cancellations and raising national security concerns.

Conclusion

These stats underscore a chilling reality: cyber threats are not just growing—they’re evolving. From AI‑powered attacks and supply chain breaches to board-level accountability and insidious targeting of schools and the NHS, the risk landscape is more treacherous than ever.

Key takeaways for UK stakeholders:

• Embrace AI-driven defence tools.

• Adopt robust governance—with board-level ownership and clear frameworks.

• Focus on resilience—recovery plans, cyber insurance, and supply chain oversight aren’t optional.

Cybersecurity is no longer just a tech issue—it’s a national imperative.