The UK Government has just published the 2025 Cyber Security Breaches Survey, offering a snapshot of how businesses, charities, and schools are managing today’s cyber risks.
Cyber security is still a major concern for UK organisations but this year’s survey reveals some encouraging signs alongside ongoing challenges.
Here’s a look at the key findings and what they might mean for you.
What is the Cyber Security Breaches Survey?
It’s an annual government-backed survey that tracks how UK organisations are handling cyber threats — covering the risks they face, the steps they’re taking, and the consequences when things go wrong.
It’s also used to shape UK policy and help organisations understand where they stand compared to others.
Key Takeaways from the 2025 Survey
1. Cyber attacks are down compared to last year but the threat remains
45% of UK businesses and 26% of charities reported a cyber attack or breach in the past year. That’s actually a small drop from 2024 figures.
This could be down to better awareness, improved security basics, or even a shift in how incidents are reported and categorised. However, medium and large businesses are still the most frequent targets, and it’s important to note that there are still significant cyber risks to organisations of all sizes.
2. Phishing is still the biggest problem
Phishing remains the most common type of attack, affecting 83% of businesses that experienced a breach. These often arrive as convincing emails pretending to be from someone you trust and can open the door to much bigger problems.
Want to know how to spot a phishing email? Check out our guide here: How to spot a phishing email
3. The financial cost of breaches keeps rising
For those affected by a breach, the average cost is now £1,650. This is up from £1,205 last year. Larger businesses face even bigger costs, averaging £12,590, underlining the financial risks of poor protection.
4. Cyber hygiene is improving but many are still unprepared
It’s good to see more organisations using antivirus software, firewalls, and strong passwords.
But only 22% have a formal incident response plan in place, meaning most businesses still don’t have a clear plan if a cyber attack happens.
5. Cyber insurance uptake is still low
Even though more businesses are aware of cyber risks, only 41% have cyber insurance. That means many are still at risk of serious disruption and financial loss without any protection in place.
If you would like to read the full report, it’s available here: 2025 Cyber Security Breaches Survey
Why this survey matters for business owners
This year’s survey is a clear reminder that business owners and leaders need to stay alert to phishing threats, which remain the most common form of attack.
It’s important to keep reviewing and strengthening the basics, like antivirus software, firewalls, and password policies. Every organisation should have a proper incident response plan in place, so they’re ready to act if something does go wrong.
On top of that, it’s worth considering whether cyber insurance is the right move for your business, if you haven’t done so already.
Cyber attacks may have gone down a bit since last year, but the threat is still very real. Acting now could save your business time, money, and protect your reputation later on.
Need a Hand?
If you’re unsure whether your organisation is properly protected, Coretek can help. From audits and advice to managed security services and incident response planning, we’ll make sure you’re ready for whatever comes next. Get in touch today.