Results from the Cyber Security Breaches Survey 2025

InsuranceCyberAll
Written By
Close up of a computer screen with a hand cursor about to select a 'Security' option

The UK government's Cyber Security Breaches Survey 2025 published recently, offers an insightful overview of the cyber threat landscape affecting UK businesses, charities, and educational institutions. Some of the key takeaways are presented below.

Cyber attacks remain a major concern:

  • 43% of businesses and 30% of charities reported experiencing a cyber security breach or attack in the past 12 months.

  • Smaller organisations are less likely to identify breaches or attacks than larger ones.

Common types of attacks:

  • By far the most common type of breach or attack is phishing, reported by 84% of businesses and 83% of charities.

  • Impersonation of the organisation or staff was reported by 35% of businesses and 37% of charities.

  • Malware attacks, including viruses and spyware, were reported by 17% of businesses and 14% of charities.

Frequency and impact:

The frequency of attacks is significant:

  • Around half of businesses (52%) said they experienced a breach or attack at least once a month, and one in three said it happened at least once a week (29%).

Financial implications

The financial impact of cyber breaches varies:

  • The average short-term direct cost of most disruptive breach or attack for medium/large businesses over the last 12 months is around £4,200.

  • For micro/small businesses the cost is around £3,040.

  • Additional, long-term costs may include:

    1. any payments to external IT consultants or contractors to run cyber security audits, risk assessments or training

    1. the cost of new or upgraded software or systems

    1. recruitment costs if you had to hire someone new

    1. any legal fees, insurance excess, fines, compensation, or PR costs related to the incident

Organisational preparedness

The survey highlights areas where organisations can improve:

  • Only 36% of businesses and 35% of charities have a formal cyber security policy in place.

  • Around 45% of businesses and 34% of charities are insured against cyber risks, indicating that over half remain uninsured.

Benefits of cyber insurance can include:

  • Pre-loss system monitoring

  • Revenue protection Emergency support 24/7/365

  • Malware removal Post-loss recovery costs

  • PR costs and reputational harm cover

  • Cover for penalty notices such as ICO fines Ransom negotiation and payments

Example of how cyber insurance can help you:

Protecting your data

A data breach can occur when a business's sensitive information is accessed by unauthorized individuals. This can lead to identity theft, financial loss, and damage to the business's reputation. Cyber insurance can help cover the costs associated with a data breach, including legal fees, notification costs, and the cost of providing credit monitoring for affected individuals.

Increasing risk of ransomware attacks

Ransomware attacks are becoming increasingly common among businesses of all sizes. Ransomware is a type of malware that encrypts a business's files and demands payment in exchange for the decryption key. Cyber insurance can help businesses recover from a ransomware attack by covering the cost of data recovery and ransom payments.

Disrupting your day-to-day

Businesses are also at risk of business interruption due to cyber attacks. For example, if a business's website is taken down by a DDoS attack, they may lose revenue from online sales. Cyber insurance can help cover the costs associated with business interruption, including lost income and extra expenses incurred to get the business back up and running.

Additional layer of protection for businesses 

It's important to note that cyber insurance is not a substitute for cybersecurity measures. Businesses should still take steps to protect themselves from cyber threats, such as implementing strong passwords, encrypting sensitive data, and training employees on cybersecurity best practices. However, cyber insurance can provide an additional layer of protection for businesses that may not have the resources to implement robust cybersecurity measures.

As a member of Bravo Networks we're continuously looking for ways in which we can help our members grow and protect their business, stay tuned to hear more about our initiative when it comes to cyber insurance.

If you'd like to learn more about the findings of the survey, read here.

Next

Why your key decision makers need a Management Liability Policy