UK
We've curated 293 cybersecurity statistics about the UK to help you understand how data breaches and cyber threats are shaping the landscape of digital security practices in 2025.
Showing 21-40 of 293 results
The proportion of businesses and charities experiencing any negative outcome following a breach or attack has remained consistent with 2024/2025 (19% for business and 11% for charities in 2025 compared to 16% for both businesses and charities in 2024/2025).
43% of UK IT decision makers report having some governance for agentic AI but with gaps.
The most commonly cited individual source of information remained external cyber security or IT consultants/providers (27% of businesses and 13% of charities).
Seeking external information or guidance on cyber security was reported by 44% of businesses and 31% of charities.
Around one in seven businesses (14%) and one in five charities (22%) said they held personal data that was not protected by techniques such as anonymisation or encryption, suggesting that the majority do protect personal data (77% of businesses and 69% of charities).
A formal cyber security strategy was in place for almost six in ten medium businesses (57%), rising to seven in ten large businesses.
Adoption of more advanced controls like two-factor authentication (47% businesses and 38% charities), a virtual private network for staff connecting remotely (36% businesses and 17% charities) and user monitoring (30% businesses and 31% charities) remain lower than other measures.
There has been an increase in businesses reporting that the breach or attack led to loss of revenue or share value (2% in 2024/2025 to 5% in 2025/2026) and an increase in those reporting it resulted in reputational damage (1% in 2024/2025 to 3% in 2025/2026).
Ransomware attacks among businesses have declined compared with the previous two years (1% this year down from 3% in both 2024/2025 and 2023/2024)
Just over four in ten businesses (43%) and around three in ten charities (28%) reported having experienced any kind of cyber security breach or attack in the last 12 months.
Around eight in ten businesses (81%) and charities (84%) said they informed directors or trustees following an incident, and 62% of businesses and 73% of charities said they kept an internal record of the incident.
The majority of businesses and charities have implemented basic technical controls, such as updated malware protection (81% businesses and 63% charities), backing up data securely via a cloud service (74% businesses and 57% charities), password policies (74% businesses and 56% charities), network firewalls (74% businesses and 45% charities) and restricted admin rights (73% businesses and 65% charities).
The median perceived cost of the most disruptive breach or attack was £0 for businesses and £0 for charities, increasing to £30 for medium and large businesses.
The proportion of charities experiencing a takeover has decreased from 3% in 2024/2025 to 1% this year (although was in line with 2% in 2023/2024).
The larger the business, the more likely they were to experience cyber crime (17% of micro businesses, 24% of small businesses, 41% f medium businesses and 48% of large businesses).
19% of US executives and 20% of UK executives express confidence in cross-sector collaboration with suppliers and partners during disruption events
Around 60% of US organisations, around 60% of UK organisations and 54% of German organisations say legacy technology still forms a significant part of their operations
87% of UK IT decision makers already use agentic AI systems, compared with 91% in France and 90% in Germany.
67% of UK IT decision makers report having a defined exit strategy if their primary AI provider were to restrict service access.
43% of UK organisations with a defined exit strategy still expect a moderate or significant impact on business continuity if their primary AI provider restricts service access.