THE LENS
Digital developments in focus

Government publishes the 2025 Cyber Security Breaches Survey

On 10 April 2025, the Government published its latest Cyber Security Breaches Survey. The tenth edition of the study was commissioned by the Department for Science, Innovation and Technology (DSIT) and the Home Office and aims to summarise key trends in the prevalence and impact of cyber breaches, cyber security awareness, approaches to risk management, and incident response among UK businesses and charities. While the report acknowledges that progress is being made, it highlights that persistent vulnerabilities remain – cyber threats are a constantly evolving target and smaller organisations and certain sectors sometimes lag behind. 

Trends in cyber breaches and cyber crime

The Cyber Security Breaches Survey notes a slight decrease in the prevalence of cyber breaches and attacks compared to the 2024 report - 43% of businesses and 30% of charities surveyed have experienced a cyber breach or attack in the last 12 months. The driving factor behind this decrease, however, is a fall in the breaches reported by micro and small businesses - cyber breaches and attacks remain prevalent among medium and large businesses and charities. Phishing remains the most common type of attack by a significant margin, but the methods used by attackers are increasingly sophisticated, with AI-powered impersonation being a particularly concerning development for respondents.

Cyber crime figures have remained largely consistent with the previous year, but some interesting new trends have emerged. Ransomware incidents have doubled – the number of businesses affected has increased from 0.5% to 1%. Further, businesses and charities that have experienced cyber crime are likely to be targeted again, indicating a high level of concentration of cyber crimes against certain organisations. 

Role of the board

Cyber security remains a key priority for the majority of businesses and charities. Large and medium-sized organisations in particular demonstrate a higher prioritisation of cyber security compared to businesses overall – 92% of medium businesses and 96% of large businesses consider it a high priority, compared to 72% of businesses overall.

In terms of the role of the board, larger organisations are more likely to have structured and formal board engagement. This includes informing the board on cyber by way of regular cyber security reports, having cyber as a standing agenda item at board or subcommittee meetings, and/or reviewing cyber as part of the regular risk register review. 

Interestingly, there has been a consistent decline in board members being specifically assigned cyber responsibilities. Only 27% of businesses surveyed had board members with responsibility for cyber security. This compares to 30% last year and is down from 38% in 2021 (although the figure is higher among larger businesses at 66%). The decline may, however, simply reflect the fact that boards see cyber as a general issue for all to consider rather than an issue to be specifically assigned to one board member.

The findings of the Cyber Security Breaches Survey highlight that it is increasingly important that boards are educated on cyber risk. The organisations surveyed frequently mentioned that only some board members had technical knowledge of cyber. In some cases, the board members responsible for cyber did not necessarily understand it. The survey notes that it is crucial that companies address this knowledge gap. Ensuring that all members of the board have an understanding of cyber can help boards make important decisions, for example surrounding budgets, while being aware of the full impact of their decisions on the organisation’s cyber security. 

The findings of the study also suggest that senior management involvement in cyber has positive repercussions for cyber security throughout the business. It is highly valued by employees on the ground, and is important for the quick adoption of new measures and the practical implementation of cyber policies, such as securing adherence to policies from the wider staff.

Approaches to cyber security

Larger businesses continue to maintain strong cyber security practices, and are significantly more likely to hold Cyber Essentials certification than smaller organisations. Small businesses have, however, improved their cyber hygiene measures compared to last year – more of them are carrying out risk assessments, taking out cyber insurance (a 13% increase from 2024), adopting cyber policies and business continuity plans and engaging external cybersecurity providers.

Supply chain security remains an area for improvement, with only 14% of businesses reviewing risks posed by immediate suppliers, and 7% carrying out wider supply chain diligence. As with most areas, large and medium-sized businesses were significantly more likely to do supply chain diligence and consider cyber security when purchasing software than smaller and micro businesses.

In terms of technical cyber security controls, most organisations had some basic technical controls, but there is room for improvement in adopting more advanced measures such as two-factor authentication, VPNs and user monitoring. 

Dealing with cyber breaches or attacks

With less than 40% of respondents reporting breaches externally, the survey notes that there is a need to encourage more transparent reporting of cyber breaches. Again, larger organisations (particularly in healthcare, finance, insurance and information and communications) are leading the charge when it comes to external reporting in incident response.

In terms of ransomware payment policies, over half (52%) of the businesses surveyed had a rule not to pay in a ransomware scenario. That said, some respondents did not know what their organisational policy was regarding payment. Interestingly, information and communication sector companies in particular were more likely to have a policy of not paying. 

Comment

While the Cyber Security Breaches Survey presents just a snapshot of the approach to cyber taken by around 3000 businesses and charities, it is helpful for organisations to see how others are managing cyber risk.  
