New authorities analysis exhibits that 43% a cyber safety breach or assault within the final 12 months, equating to roughly 612,000 UK companies.
The determine is identical as in final yr’s report by the Division for Science, Innovation and Know-how.
As in earlier years, medium (65%) and enormous (69%) companies have been extra prone to have skilled a cyber breach or assault, however important numbers of micro (42%) and small (46%) corporations have been affected.
Phishing was probably the most prevalent sort of breach, skilled by 38% of companies. It was additionally probably the most disruptive incident, highlighted as the more serious by 69% of firms.
Amongst these experiencing a cyber incident, phishing assaults have been the one sort that has elevated amongst, companies, from 45% final yr to 51% this yr.
Ransomware assaults on companies declined in contrast with the earlier two years (1% this yr down from 3% in 2024/2025 and 2023/2024) and phishing assaults and impersonation breaches or assaults, while not considerably completely different to final yr, have considerably declined in comparison with two years in the past (38% this yr down from 42% in 2023/2024).
Impersonation breaches or assaults decreased to 12% this yr, down from 17% in 2023.
Though nearly all of corporations have carried out primary cyber protections, akin to up to date malware safety (81%), backing up knowledge securely through a cloud service (74%), password insurance policies (74%), community firewalls (74%) and restricted admin rights (73%), adoption of extra superior and extremely beneficial controls like two-factor authentication (47% companies), a digital personal community for workers connecting remotely (36%) and consumer monitoring (30%) remained decrease than different measures.
The proportion of small companies endeavor cyber safety threat assessments fell to 41%, from 48% in 2024/2025), with having a proper cyber safety coverage overlaying cyber safety dangers virtually declining to 52% from 59%).
Final week, Nationwide Cyber Safety Centre (NCSC) CEO Richard Horne stated in a speech that the UK faces a “excellent storm” for cyber safety.
“The 2 forces of fast technological change and rising geopolitical tensions,” he stated, “are “creating what appears like tumultuous uncertainty”.
On AI, he added: “We all know our adversaries will more and more apply AI tooling. As we now have seen within the media in latest days, frontier AI is quickly enabling discovery and exploitation of present vulnerabilities at scale. Illustrating how shortly it is going to expose the place fundamentals of cyber safety are nonetheless to be addressed, akin to code shipped by tech producers with important vulnerabilities, organisations that aren’t patching with the completeness or urgency they need to or which can be failing to know the nettle of changing outdated legacy methods.”
On world safety, he stated: “We live by probably the most seismic geopolitical shift in trendy historical past.
“As Blaise Metreweli, the chief of MI6, stated in December our world is extra harmful and contested now than it has been for many years.
“We’re working in an area between peace and conflict. And let’s be clear, our on-line world is a part of that contest.”
Las month, expertise Liz Kendall and safety minister Dan Jarvis despatched an open letter on AI cyber threats to enterprise leaders.
The letter stated:
“Each enterprise within the UK has part of play. Criminals won’t simply goal authorities methods and important infrastructure. They’ll goal peculiar firms, of each dimension, in each sector. Attackers go the place defences are weakest.
“The steps organisations ought to take to guard towards AI-driven cyber threats are the identical cyber hygiene measures beneficial for conventional cyber threats. We’re asking each enterprise chief studying this to take the next steps:
“1. Take cyber safety severely, on the very high of your organisation.
“In case your board has not just lately mentioned cyber threat, achieve this at your subsequent assembly after which frequently. This isn’t a difficulty to delegate to your IT workforce and overlook about. This can solely turn into more and more vital. We urge you and your board to make use of the Cyber Governance Code of Practiceto guarantee your organisation is sufficiently protected. Smaller companies must also use the NCSC’s Cyber Motion Toolkit to assist them construct their cyber safety. Not all incidents might be prevented, so it is best to plan and rehearse how your organisation would reply to a major incident, together with consideration of how cyber insurance coverage can assist response and restoration. Free cyber insurance coverage is obtainable to small organisations that acquire Cyber Necessities.
“2. Get the fundamentals proper with Cyber Necessities.
“Most profitable cyber-attacks exploit easy weaknesses: outdated software program, weak passwords, lacking backups. Cyber Necessities is the government-backed certification scheme that protects towards the commonest assaults.
“Organisations that maintain it are considerably much less prone to endure a dangerous cyber incident. For many companies, getting licensed is neither costly nor tough. You must also look to embed Cyber Important necessities throughout your provide chains, and enormous organisations ought to use the NCSC’s Cyber Evaluation Framework.
“3. Comply with NCSC recommendation and signal as much as their Early Warning Service.
“The Nationwide Cyber Safety Centre (NCSC) gives free, sensible recommendation, coaching and steerage at ncsc.gov.uk, for organisations of each dimension. Recommendation may also be issued by Regulators for regulated sectors. Early Warning is a free service from NCSC, which might inform organisations of potential cyber assaults and provides them invaluable time to behave earlier than an incident escalates.
We’re coming into a interval wherein the tempo of technological change might check each establishment within the nation.
“The companies that act now – that deal with cyber safety as a necessary a part of working a contemporary firm, not an non-obligatory additional – would be the ones finest positioned to thrive by it and seize its benefits. We urge you to be amongst them.”
