Cyber crime is no longer exceptional - it’s an everyday challenge for UK businesses and charities.
Here’s what this year’s data reveals, and what you can do to stay ahead.
Cyber crime is any illegal activity involving computers, networks, or digital information.
According to the UK’s Computer Misuse Act 1990, cyber crime includes hacking, unauthorised access to systems, data theft, ransomware, and attacks that damage digital infrastructure.
The 2024 UK Cyber Breaches Survey measured not just attempted attacks, but specifically those that amounted to crime - where an organisation’s defences were breached with intent, or where harm occurred.
Phishing, hacking, and ransomware top the charts.
Today, even small businesses aren’t immune to cyber threats.
Attackers increasingly target organisations of every size - and the impact can go far beyond IT.
Financial losses, fraud, data breaches, and business disruption are all very real risks.
Understanding the scope and nature of cyber crime helps you make informed choices about how to protect your business, customers, and reputation.
Let’s break it down:
Recent survey data shows that while phishing dominates the landscape (90% of cyber crimes), more aggressive attacks like ransomware or direct hacking are still in play - especially for large firms.
Good cybersecurity isn’t just about stopping attacks at the gate.
It’s about:
With a solid incident response plan and layered defences, you can bounce back more quickly - and limit any fallout.
Here’s what the UK Cyber Breaches Survey uncovered:
Most crimes caused small or moderate losses, but for a minority the costs were crippling - especially where attacks led to fraud.
When a major breach hits, organisations almost always take action - but after less serious incidents, 39% of businesses did nothing to adapt or improve controls. This highlights how easy it is to react rather than prepare.
If you want to lower your risk, consider these steps:
You don’t need a huge IT budget to get started - many steps are low-cost, but require consistent follow-through.
Regulators expect organisations to act responsibly.
The UK Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC) both publish essential guidance - not just for compliance, but for security by design.
Major sectors such as finance, healthcare, and utilities face stricter controls and reporting duties.
If you operate in these fields, extra care is warranted.
Staying up to date with frameworks like Cyber Essentials should be standard practice for sensitive sectors.
Cyber crime is now routine for UK organisations - but that doesn’t mean you’re powerless.
Most attacks are preventable or manageable.
If you invest in fundamental controls and keep them current, you reduce risk to your business, clients, and partners.
Don’t wait for a crisis to act.
The best-prepared teams respond quickly and calmly when incidents happen, taking each breach as a learning opportunity to get stronger.
The latest national data shows that one in five businesses, and one in seven charities, fell victim in the last year.
Rates are even higher for large and data‑rich organisations.
Phishing is far and away the most common method used in real‑world attacks.
Training and awareness are your best defences.
Yes. Even though large firms are prime targets, attackers know smaller companies can be softer targets.
Every organisation needs to cover the basics.
Not always. Most affected businesses suffered losses under £1,000, but a minority reported much larger hits, especially if fraud followed an attack.
UK Cyber Security Breaches Survey 2024, Gov.uk, 2024
Information Commissioner’s Office (ICO)
National Cyber Security Centre (NCSC)
Financial Conduct Authority (FCA)
Sam Kendall, 25.03.2025