The median perceived cost of the most disruptive breach or attack was £0 for businesses and £0 for charities, increasing to £30 for medium and large businesses.

The majority of businesses and charities have implemented basic technical controls, such as updated malware protection (81% businesses and 63% charities), backing up data securely via a cloud service (74% businesses and 57% charities), password policies (74% businesses and 56% charities), network firewalls (74% businesses and 45% charities) and restricted admin rights (73% businesses and 65% charities).

The larger the business, the more likely they were to experience cyber crime (17% of micro businesses, 24% of small businesses, 41% f medium businesses and 48% of large businesses).

72% of small businesses experienced fraud, scams, or ransomware last year.

39% of affected small businesses say fraud makes it more difficult to innovate or develop new products.

32% of organizations experienced more than one cyber attack in the last 12 months.

47% report operational shutdown, 41% report data loss, 41% report reputational damage, and 40% report lost revenue as impacts of cyber attacks in the last 12 months.

Nearly 68% of identity crime victims who have not contacted the ITRC have seriously considered self-harm.

21.6% of phishing attacks use redirect chains that route victims through multiple URLs to obscure malicious destinations.

58% of organizations use automated remediation tools for identity-related issues.

Worldwide IT spending is forecast to reaach $6.31 trillion in 2026, increasing 13.5% from 2025.

46.5% of consumers do not trust any company to manage purchases for them

Data center systems spending is forecast to reach $787.99 billion in 2026, growing 55.8% year-over-year.

80% of employees expect to increase their reliance on AI within the next year.

46% of organizations cite data format issues as a top data challenge.

19% of US executives and 20% of UK executives express confidence in cross-sector collaboration with suppliers and partners during disruption events

38% of organisations say board discussions on digital resilience lead to follow-up action

45% of MSPs who reported BYOD-related security incidents cite credential theft or account compromise as a cause

12% of organizations actively using, piloting, or exploring AI say AI is embedded directly within the flow of work.

Around 60% of US organisations, around 60% of UK organisations and 54% of German organisations say legacy technology still forms a significant part of their operations