Cyberattacks against UK businesses drop 10%, government survey reveals
- Marijan Hassan - Tech Journalist
- Apr 15
- 2 min read
According to new government data, cyberattacks targeting UK businesses fell by 10% over the past year. However, cybersecurity experts are warning firms not to let their guard down.
The Cyber Security Breaches Survey 2025, released this week by the Department for Science, Innovation and Technology (DSIT) and the Home Office, reveals that 43% of businesses reported experiencing a cyber breach or attack in the past 12 months, down from 50% the year before. That equates to an estimated 612,000 UK businesses affected.
The decline was driven largely by a reduction in phishing attacks among micro and small businesses. However, the report makes clear that larger organisations continue to be heavily targeted, with 67% of medium-sized businesses and 74% of large firms reporting a breach. That’s about the same number as last year.
"Progress, but not victory"
“This is progress, but it’s not victory,” said Eleanor Fordham, one of the survey’s lead analysts. “The drop in attack prevalence is encouraging, but it may reflect shifting attack patterns more than improved defences across the board.”
Phishing remains the most common and disruptive form of attack, accounting for 85% of all reported breaches. And although overall attack rates declined, the cost of breaches for businesses has grown. A sign that cybercriminals are adapting.
Interviews conducted as part of the study revealed growing concern over more sophisticated attack methods, including AI-powered impersonation scams and ransomware. These doubled in prevalence among businesses since last year as an estimated 19,000 businesses became targets.
A decline in leadership engagement
One concerning trend is a continued decline in board-level responsibility for cybersecurity. Only 27% of businesses reported having a board member responsible for cyber risks—down from 38% in 2021. The figure was higher among large businesses (66%), but experts caution that leadership disengagement could leave organisations exposed.
“This is not just an IT issue. It’s a boardroom issue,” said Rizvi. “Cybersecurity needs to be a core part of business governance.”
Looking ahead
Despite the overall drop in cyber incidents, the government warns that complacency is a real risk. The digital threat landscape is evolving, with new tactics and vulnerabilities emerging constantly.
“Cybersecurity is not a box to tick—it’s an ongoing process,” said the report. “While these findings show some positive momentum, the threat remains significant, and organisations must continue to invest in their digital defences.”
