Almost Half of UK Businesses Hit by Cyber Attacks

The latest UK Cyber Security Breaches Survey reveals a sobering picture: nearly half of all businesses reported a breach or attack in the last 12 months, with large enterprises hit hardest at 69%. While the overall incidence mirrors the previous year, the data shows modest improvements in specific vectors—ransomware dropped to 1% and impersonation attacks fell to 12% from 17%. Yet phishing remains dominant, compromising 38% of firms and continuing to be the most disruptive threat, underscoring the need for more sophisticated email defenses.

In response, the government has launched a Cyber Resilience Pledge aimed at embedding cyber hygiene at the board level. Signatories must adopt three concrete steps: elevate cyber security to a board responsibility, subscribe to the National Cyber Security Centre’s free Early Warning service, and secure Cyber Essentials certification across their supply chains. While the pledge targets large firms, SMEs—who historically lag in risk assessments and continuity planning—face a widening resilience gap. The push coincides with heightened AI adoption, a factor officials warn could amplify attack surfaces if security lags behind innovation.

For investors and industry leaders, the rising share‑value and revenue impacts—now affecting 5% of firms—signal that cyber risk is material to financial performance. A coordinated national voice, streamlined guidance, and mandatory board oversight could close the current action‑intention gap. Companies that proactively adopt the pledge are likely to gain a competitive edge, reduce insurance premiums, and protect brand reputation in an increasingly digitised UK economy.