Ransomware dominates UK cyber incidents, data loss surges
Ransomware accounted for more than half of the cyber incidents handled by Pinsent Masons over the past year. Data loss featured in most cases, with healthcare and retail among the most affected sectors.
The law firm's latest annual Cyber Report found that ransomware made up 52% of cyber-related incidents its specialist Cyber Team managed in the past 12 months. It also found that 59% of cases involved the loss or theft of data, suggesting a shift from short-term disruption towards longer-lasting operational and financial fallout.
Healthcare represented 13% of cases, while retail made up 12%. The report also highlighted greater exposure for organisations that rely on complex, time-critical supply chains, where disruption can quickly cascade across partners and service providers.
Recent high-profile incidents across the UK have underscored that potential impact. Cyber disruptions affecting Co-Op, Marks & Spencer, and Jaguar Land Rover collectively cost more than £1 billion, according to the report, as businesses faced interruption, recovery costs, and wider knock-on effects.
The findings are based on incidents supported by the Cyber Team between January and December 2025. The work included lawyers in Northern Ireland handling local, national, and international matters involving technical, legal, and operational challenges.
Insurance uptake
The report suggests some organisations are preparing more actively for cyber risk. It found that 83% of clients supported by the Cyber Team had cyber insurance in place, pointing to wider board-level engagement with cyber risk management even as attackers continue to raise the stakes.
Ransom demands in the cases reviewed varied widely. The highest recorded demand was USD $5 million, negotiated down to USD $1 million (£731,635). The smallest demand totalled USD $10,000 (£7,316).
Akira was the most prevalent ransomware group in the firm's caseload, appearing in 26% of cases handled by the Cyber Team. This reflects the rapid churn of named ransomware groups and how certain strains can become widespread across sectors in a short period.
Attack methods
Exploitation of vulnerabilities remained the leading cause of cyber breaches, consistent with patterns seen in 2024. The report noted that the precise root cause cannot always be confirmed, which can complicate remediation and reporting decisions after an incident.
Phishing remained a persistent threat. The report emphasised the need for strong technical controls and staff awareness, as attackers combine social engineering with compromised credentials and opportunistic exploitation of weaknesses in systems and processes.
Laura Gillespie, partner and cyber and privacy specialist at Pinsent Masons, said the pace and complexity of threats have increased.
"The past year has shown just how complex and fast-moving the cyber threat landscape has become," she said.
"Cybercriminals are constantly evolving their tactics, using increasingly sophisticated methods to exploit vulnerabilities, disrupt operations and extract maximum value from large organisations," she said.
"Strong cybersecurity is no longer optional - it is a fundamental business requirement. As ransomware continues to dominate, and attackers increasingly target sensitive data and critical supply chains, organisations must invest in robust prevention, response and resilience measures to counter an ever-growing and increasingly professionalised threat," she said.
Regulatory pressure
The report set the trends against a tightening regulatory environment across the UK and Ireland. In the UK, the proposed Cyber Security and Resilience Bill is expected to strengthen national requirements. The Republic of Ireland is preparing its National Cyber Security Bill in line with EU initiatives, including DORA and the Cyber Resilience Act.
Policy debate on ransomware is also moving beyond resilience standards into the economics of extortion. The report said the UK Government's consultation on proposals to increase incident reporting and curb payments to cyber criminals attracted broad support for stronger legal measures. Respondents backed a targeted ban on ransomware payments and a mandatory incident reporting regime, while noting the need for clarity on enforcement and penalties.
Gillespie said organisations should reassess their readiness as the legal landscape develops.
"With the Cyber Security and Resilience (Network & Information Systems) Bill making its way through Parliament, and the Home Office considering legislative proposals to manage ransomware payments, it is crucial that organisations review their incident response protocols to ensure they address the evolving risk landscape and are up to date," she said.