The proportion of companies in the United Kingdom informing cyber attacks and data violations has decreased from 50% to 43% in the last year. A government study has attributed this to the “observed strengthening of cyber hygiene among small businesses.”
The prevalence of cyber crimes in general between the United Kingdom companies and the beneficial organizations of all sizes has remained constant year after year, according to a recent government study. Phishing also remained the most common type of cyber crimes, attack or violation among organizations in the United Kingdom. Only 680,000 of the 8.58 million cybercrime experienced by companies did not classify as Phishing. However, ransomware attacks in the United Kingdom have doubled 0.5% of the companies that experience them in 2024 to 1% in 2025.
The results were published in the Cyber -breeding Survey by the Department of Science, Innovation and Technology and Interior Ministry. Its findings were based on responses from 180 companies and 1,081 charities between August and December 2024.
United Kingdom cyber crimes statistics for company size
Although the prevalence of cyber incidents between medium and large companies has remained relatively consisting of around 67% and 74% respectively, the number of phishing attacks between micro and small businesses has decreased significantly.
In 2024, 49% of small businesses and 40% of micro companies reported phishing attacks, but these figures fell to 42% and 35% in 2025. The study found that they are adopting more and more evaluations of cyber security risks, cybernetic insurance, cyber security policies and business continuity plans.
Government data also showed that the greatest organization, the more likely it will have to experience cyber crimes, which constitutes a subset of all infractions and attacks. Naturally. The attackers are looking for a great payment day, and they are less likely to obtain a smaller companies with limited assets or lower data value.
SEE: The United Kingdom announces the “worldwide practice code”
Cybernetic budgets now launched boards with less internal experts
The government survey made an interesting observation when it came to who is responsible for cyber security in the organizations of the United Kingdom. Only 27% have a cyber specialist in its Board of Directors, marking a significant decrease since 2021 when that same figure was 38%.
This means that many technical teams must now be presented to non -specialists at the Board to request more cyber investment. A manager of digital and IT services in an unidentified charity organization said in an interview as part of the research that its Board is “very involved” and does not give them “complete autonomy.”
“We need to have a constant dialogue about what we are doing, that's why we are doing it,” they said. A cybernetic architect also said that “nothing obtains approval” in its medium -sized company without first making a launch to the Board, describing the exact use case and its commercial impact.
