UK Cyber Security Breaches Survey 2025: What It Reveals, What It Costs, and How SMEs Can Fight Back

UK Cyber Security Breaches Survey 2025

Each year, the UK Government’s Cyber Security Breaches Survey provides a crucial snapshot of the nation’s digital risk landscape. The 2025 edition is no exception, and its findings should prompt serious reflection, especially among small and medium-sized businesses (SMBs) and charities.

Cyber threats continue to evolve in scale, sophistication, and financial impact. While reported incidents dipped slightly this year, the cost of cyber breaches is rising, and the complexity of attacks, particularly ransomware and phishing, is increasing.

In this deep dive into the UK Cyber Security Breaches Survey 2025, we unpack the key insights, with a specific focus on the financial impact for UK organisations, the gaps that persist in cyber risk management, and the strategies being adopted to mitigate the growing cost of cyber attacks, especially for resource-constrained SMBs and charities.


Cyber Attacks: Fewer Victims, But More Expensive Breaches

According to the UK Cyber Security Breaches Survey 2025, 43% of UK businesses and 30% of charities experienced a cyber breach or attack in the last 12 months. That’s a slight drop compared to 2024, but it doesn’t mean the situation is improving overall.

What’s changed is the cost and impact of the attacks that do succeed.

The report shows that the financial consequences are rising sharply, especially for incidents that result in significant disruption. Importantly, the government’s analysis is based not on the total cost of all attacks, but on the average cost of the single most disruptive breach per organisation, a critical distinction that underscores the seriousness of even one successful attack.

Key Cost Statistics from the 2025 Report:

| Metric | 2025 | 2024 |
| --- | --- | --- |
| Average cost of most disruptive breach (all businesses) | £1,600 | £1,205 |
| Excluding £0 responses (more accurate estimate) | £3,550 | |
| Average cost for disruptive breaches (high impact) | £8,260 | £6,940 |
| Average cost for charities (high impact) | £8,690 | ~£6,200 (est.) |

These figures show an increase on last year, with the average cost of a serious cyber breach rising by over 19% in businesses and even more for charities. For many small organisations operating on tight budgets, such costs can be existential.


The Rising Threat Landscape: Phishing, Ransomware & Human Error

Phishing remains the most prevalent attack vector, with 85% of affected businesses and 86% of charities citing it as the root cause. However, the surge in ransomware is perhaps the most concerning trend in this year’s report.

Ransomware attacks increased significantly between 2024 and 2025, reflecting global trends where attackers are more frequently targeting smaller organisations that are less well-defended, but still hold valuable data.

Other insights include:

  • 20% of businesses and 14% of charities fell victim to cyber crime, not just “incidents”
  • Internal breach reporting is common, but external reporting remains low, meaning many incidents are never shared with regulators or peers, limiting broader awareness and response
  • Only 14% of businesses and 9% of charities assessed supply chain cyber risks, despite supply chains being a major vulnerability

Cyber Governance Still a Challenge

Although 72% of businesses and 68% of charities consider cybersecurity a board-level priority, there has been a decline in board-level responsibility for cyber risk. This raises concerns about long-term resilience planning, particularly as many organisations may still be underestimating the financial and operational risks posed by cyber threats.

Cyber hygiene has improved slightly in small businesses, with increased adoption of basic practices like cyber insurance, risk assessments, and patch management. However, high-income charities, perhaps assuming that internal IT is sufficient, have reported a decline in key security measures, making them more vulnerable despite having more to lose.


Why the Cost Is Rising

The upward trend in breach costs could be attributed to several factors:

  • More complex attacks causing greater disruption (e.g., ransomware encrypting critical systems)
  • Longer detection and recovery times, especially in under-resourced organisations
  • Increased legal and reputational consequences, particularly where GDPR fines could play a part
  • Higher ransom demands and extortion tactics

Even a minor disruption can now have cascading effects: lost sales, damaged reputation, service downtime, customer churn and, in regulated sectors, non-compliance penalties.

Importantly, these cost estimates represent the most disruptive breach only. Most businesses experience multiple minor incidents annually. The real total annual cost of cyber insecurity is far greater than the numbers reported.


How Small and Medium Organisations Are Fighting Back

Despite the growing threat and rising costs, the 2025 survey also shows that many SMBs and charities are proactively improving their cyber resilience.


1. Incident Response Planning

A well-documented and tested Incident Response Plan (IRP) allows organisations to respond swiftly to breaches, reducing downtime and associated costs.

  • Why it matters: Organisations without IRPs often take longer to detect and contain breaches, increasing the financial impact.
  • Best practices: Define clear roles, escalation paths, communication strategies, and recovery procedures.

2. Zero Trust Security

The Zero Trust model assumes no user or device is inherently trustworthy; every access request must be verified continuously.

  • Why it matters: It helps mitigate credential theft, lateral movement within networks, and insider threats.
  • Adoption tip: Start small with segmentation and identity-based access controls before scaling.

3. Security AI & Automation

AI-driven tools (e.g., SIEMs, EDRs, and automated threat detection) help monitor, identify, and respond to threats in real time.

  • Why it matters: They can reduce response time from hours to minutes, minimising the cost of damage.
  • What to look for: Choose tools that integrate well with existing systems and offer MSSP support for tuning and incident triage.

4. Multi-Layered Defence

Also known as defence-in-depth, this strategy layers multiple security controls across endpoints, networks, and cloud services.

  • Examples include:
    • Firewalls
    • Antivirus/EDR
    • Multi-Factor Authentication (MFA)
    • Secure DNS filtering
    • Email security and phishing protection
  • Why it matters: No single tool is infallible. Layering increases your chances of detection and prevention.

5. Regular Risk Assessments

Continuous assessment of cyber risks allows organisations to stay ahead of evolving threats and plug new vulnerabilities quickly.

  • Why it matters: Static, once-a-year assessments are outdated and leave gaps.

6. Employee Cyber Awareness Training

People remain the target. Even with the best tools, a single click on a phishing email can cause massive damage.

  • Why it matters: 85% of successful breaches start with phishing.
  • Solution: Invest in ongoing, role-specific training with simulated phishing tests.

7. Data Backup & Recovery

Secure, off-site or cloud-based backups are essential for bouncing back from ransomware and data loss.

  • Why it matters: Ransomware actors often target backups.
  • Best practice: Follow the 3-2-1 rule (3 copies, 2 different formats, 1 offsite). Test restores regularly.
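The backup advice above ends with "test restores regularly", and the most common way a restore test fails is silently: the archive extracts without error but a file is missing or corrupted. The script below is an added example, not code from the original article or from the survey, that shows one way to make such a test mechanical: it writes a tar.gz backup of a directory with an embedded SHA-256 manifest, restores it into a scratch directory (refusing archive entries that would escape that directory), and compares every restored file against the manifest. The manifest file name, the `data` archive prefix and the sample files are assumptions constructed for the example; nothing here touches real backups.

```python
import hashlib
import io
import json
import tarfile
import tempfile
from pathlib import Path

# Hypothetical manifest name chosen for this example.
MANIFEST_NAME = "MANIFEST.sha256.json"


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups don't load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (as a relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, archive: Path) -> dict:
    """Write source to a tar.gz under the 'data' prefix and embed its manifest."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname="data")
        blob = json.dumps(manifest, indent=2).encode()
        info = tarfile.TarInfo(MANIFEST_NAME)
        info.size = len(blob)
        tar.addfile(info, io.BytesIO(blob))
    return manifest


def restore_archive(archive: Path, dest: Path) -> None:
    """Extract the archive, rejecting members that would land outside dest."""
    dest.mkdir(parents=True, exist_ok=True)
    root = dest.resolve()
    with tarfile.open(archive, "r:gz") as tar:
        members = []
        for m in tar.getmembers():
            if not (m.isfile() or m.isdir()):
                raise ValueError(f"unsupported member type: {m.name}")
            target = (root / m.name).resolve()
            if target != root and root not in target.parents:
                raise ValueError(f"unsafe path in archive: {m.name}")
            members.append(m)
        tar.extractall(dest, members=members)


def verify_restore(dest: Path) -> dict:
    """Compare the restored data tree against the manifest shipped in the archive."""
    expected = json.loads((dest / MANIFEST_NAME).read_text())
    actual = build_manifest(dest / "data")
    missing = sorted(set(expected) - set(actual))
    unexpected = sorted(set(actual) - set(expected))
    corrupt = sorted(k for k in expected.keys() & actual.keys()
                     if expected[k] != actual[k])
    return {"ok": not (missing or unexpected or corrupt),
            "checked": len(actual), "missing": missing,
            "corrupt": corrupt, "unexpected": unexpected}


def run_demo() -> tuple:
    """Back up constructed sample files, then test a clean and a damaged restore."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source = base / "source"
        (source / "invoices").mkdir(parents=True)
        (source / "invoices" / "2025-01.csv").write_text("id,amount\n1,100\n")
        (source / "notes.txt").write_text("constructed sample data\n")
        archive = base / "backup.tar.gz"
        create_backup(source, archive)

        good = base / "restore_good"
        restore_archive(archive, good)
        good_report = verify_restore(good)

        bad = base / "restore_bad"
        restore_archive(archive, bad)
        # Simulate a silently damaged restore: one file altered, one missing.
        (bad / "data" / "notes.txt").write_text("CORRUPTED\n")
        (bad / "data" / "invoices" / "2025-01.csv").unlink()
        bad_report = verify_restore(bad)
        return good_report, bad_report


if __name__ == "__main__":
    for name, report in zip(("clean restore", "damaged restore"), run_demo()):
        print(f"{name}: {report}")
```

Run it directly and the clean restore reports `ok: True` with two files checked, while the damaged restore lists `notes.txt` as corrupt and `invoices/2025-01.csv` as missing. In practice the manifest should also be kept with the offsite copy from the 3-2-1 rule, so that a restore from any of the three copies can be checked against the same reference, and the verification result should be logged where someone will actually read it.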

A Growing Role for MSSPs in Cyber Risk Reduction

The 2025 Cyber Security Breaches Survey clearly shows that cybersecurity is no longer a niche IT concern; it is a core business risk that affects every aspect of operations, from service delivery to legal liability.

For Managed Security Service Providers (MSSPs), the survey confirms that demand is growing for:

  • Strategic advisory services (e.g., cyber risk maturity assessments)
  • Managed detection and response (MDR)
  • Security operations centre (SOC) services
  • Compliance support (e.g., for DSPT, NIS2, ISO 27001)
  • Awareness training as a service
  • Supply chain security assessments

As SMBs and charities struggle to keep pace with both threats and regulatory expectations, MSSPs are in a unique position to offer not just technology, but resilience-as-a-service.


Final Thoughts: The Breach is Inevitable, The Damage Doesn’t Have to Be

The 2025 Cyber Security Breaches Survey should be a wake-up call for UK organisations, particularly smaller ones. The frequency of attacks may be declining slightly, but the impact is growing fast. One successful breach can cost thousands, if not more.

But there is good news: awareness is rising, and many businesses are taking smart, strategic steps to reduce risk and recover faster.
