2025/26 breaches survey shows cyber threat remains widespread
The latest Cyber Security Breaches Survey shows that 43% of businesses and 28% of charities experienced a cyber breach or attack in the past 12 months.
Medium (65%) and large (69%) businesses were more likely to report a breach than micro (42%) and small (46%) businesses. Among organisations that experienced a breach, 29% reported attacks occurring at least once a week. The proportion of breached businesses reporting a loss of revenue or share value rose from 2% to 5%.
Phishing remains the most common type of attack, affecting 38% of UK businesses and 25% of charities. Ransomware attacks declined among businesses, but increased among charities and had a greater impact on some organisations.
The survey also found that nearly a third (31%) of businesses are using, adopting, or considering artificial intelligence (AI). However, only 24% of these businesses have cyber security measures in place to manage the associated risks.
For detailed findings, read the full Cyber Security Breaches Survey 2025/26.
Reduce your cyber risk
Businesses can take practical steps to reduce cyber risk and strengthen their defences
- Use the National Cyber Security Centre (NCSC) free guidance to understand common threats and how to respond.
- Sign up to the NCSC Early Warning service to receive alerts about potential cyber threats.
- Achieve Cyber Essentials certification to protect against the most common attacks and demonstrate good security practice.
Find out what actions to take and access step-by-step guidance on cyber security for business.
First published 26 May 2026
