Government urges organisations to continue to boost their online resilience
Cyber security breaches and attacks remain a common threat, but smaller organisations are identifying them less than last year. This may be down to the impact of the economic climate rather than a reducing threat.
One in three businesses (32 per cent) report having cyber security breaches or attacks in the last 12 months, according to the survey from the Department for Digital, Culture, Media and Sport (DCMS).
The Cyber Security Breaches Survey 2023 report showed that breaches or attacks were relatively unsophisticated. The most common breaches or attacks were related to: phishing emails, instances of organisations being impersonated online, viruses or other malware including ransomware.
The 2025 Cyber Security Breaches survey report: Cyber security breaches survey 2025 – GOV.UK. The report showed that just over four in ten businesses (43%) and three in ten charities (30%) reported having experienced any kind of cyber security breach or attack in the last 12 months. The prevalence of cyber breaches and attacks in medium and large businesses remains high and phishing attacks remain the most prevalent and disruptive type of breach or attack.
Cyber Security guidance
The upcoming Cyber Security and Resilience Bill (2025) has been presented to Parliament but has not yet been enacted into law. The Bill aims to strengthen the UK’s cyber defences, protect critical infrastructure and essential digital services, and address vulnerabilities in the current regulatory framework, which is based on the 2018 NIS Regulations inherited from the EU.
The government also encourages businesses, charities and educational institutions to continue to follow the free help and guidance from the UK cyber security experts at the National Cyber Security Centre (NCSC). It includes advice on the secure use of video conferencing, secure home working and protecting your business.
