Four in 10 UK businesses (43%) and 30% of charities experienced cyber attacks or data breaches in the last 12 months, according to the latest Cyber Security Breaches Survey. While this marks a slight decrease from last year’s 50%, the threat level for medium and large businesses remains alarmingly high.
The average cost of the most disruptive breach was estimated at £1,600 for businesses and £3,240 for charities.
The drop in incidents is attributed mainly to fewer small businesses reporting breaches – but government officials warn against complacency. With cyber threats increasingly targeting critical infrastructure, the UK Government is introducing the Cyber Security and Resilience Bill, compelling organisations to strengthen their digital defences.
The survey found that 70% of large businesses now have a formal cyber strategy in place, compared to just 57% of medium-sized firms – exposing a potential gap in preparedness among mid-sized enterprises.
There has been a notable improvement in cyber hygiene practices among smaller businesses, with rising adoption of risk assessments, cyber insurance, formal cyber security policies and continuity planning.
These steps are seen as essential in building digital resilience across the UK economy.
However, the number of high-income charities implementing best practices such as risk assessments has declined. Insights suggest this may be linked to budgetary pressures, limiting their ability to invest in adequate cyber security measures.
Sawan Joshi, Group Director of Information Security at FDM Group, comments, “Keeping banking systems online is becoming more challenging, and technology alone isn’t enough. Skilled IT teams are crucial for spotting risks early and responding quickly to prevent disruptions. Organisations need to invest in ongoing training so their staff can strengthen system defences and recover fast when issues arise. A mix of advanced monitoring, backup systems, and a well-trained workforce is key to keeping services running and maintaining customer trust.”
The Government has also confirmed that UK data centres are now officially designated as critical national infrastructure. This means they will receive the same priority in the event of a major incident – such as a cyber attack – as essential services like water and energy.
© 2025 All Things Media Ltd.