SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

UK businesses hit by cyber breaches as phishing rises

Tue, 24th Mar 2026

The Business Hub has warned that 43% of UK businesses suffered a cyber breach in the past year, citing the UK government's Cyber Security Breaches Survey 2025.

That equates to about 612,000 businesses. The group also highlighted the low uptake of basic safeguards: only 40% of UK businesses use two-factor authentication, 31% use a virtual private network for remote staff, and 30% monitor user activity.

Cyber crime also continues to impose material costs on affected companies. The figures cited show an average cost of £990 per cyber crime excluding phishing, £5,900 for cyber-facilitated fraud, and £10,000 when zero-loss cases are excluded.

Sector exposure

Some parts of the economy reported notably higher exposure than others. Information and communications businesses were the most affected, with 69% reporting some form of attack in the past 12 months.

Professional, scientific and technical businesses followed at 55%. Administration and real estate, finance and insurance, and utilities and production each stood at 48%.

Andy Pickett, chief technology officer at The Business Hub, linked the higher risk in technology-related sectors to their role in wider business networks.

"Information and communications businesses are prime targets because they sit at the centre of multiple client networks. Hackers don't just want their data, they want access to everyone connected to them. They may target these firms as a stepping stone to hacking other businesses too. That is why it is so important to provide the right training on how to spot a security breach, such as phishing emails," Pickett said.

Phishing risk

Phishing remained the most common route into organisations, accounting for 54% of cyber-facilitated fraud cases. Such attacks can lead to malware infections, ransomware, bank account hacking and account takeovers.

Nearly three in 10 businesses that experienced phishing attempts said they saw them weekly or more often. That frequency has maintained pressure on employers to train staff to identify suspicious requests and unusual messages.

"Phishing remains the single biggest gateway into UK businesses. If your team isn't trained to question urgency and verify payment requests, you're exposed. Common warning signs include urgent emails asking for payment or login details to access confidential company information," Pickett said.

He added that emails impersonating directors, suppliers or managers are also common. "The best way to assess these is to ask whether the email is typical of that person. If a director does not usually contact you, or the tone feels slightly off, it is best to report it to avoid becoming a victim of a security breach."

Pickett also urged staff to check email domains carefully. "Review previous email chains to make sure they match. Slight variations, such as .co instead of .com, are a likely warning sign. Training staff is key to preventing phishing emails from becoming a bigger problem in your business."

Impersonation attacks

Impersonation was described as the second most disruptive type of attack, affecting 18% of those hit by incidents. Among businesses that suffered breaches, 34% reported impersonation attacks, rising to 51% among small businesses.

These incidents often grow out of phishing attempts and can involve false invoices, fake social media profiles or messages sent in the name of staff members.

"There are some warning signs that a hacker may be impersonating you or your business. You may notice customers or suppliers querying emails you didn't send, an increase in fake social media profiles, or slight changes in invoice details," Pickett said.

"Being vigilant is the most important action to take. Spending more time checking invoice details or monitoring your social media profiles is cost-effective and could stop a cyber attack from escalating."

Large company burden

The data also suggests larger organisations face greater pressure from attackers. More than half of larger businesses, or 52%, experienced a cyber attack in the past year, compared with 25% of small businesses and 18% of micro businesses.

Larger businesses were more likely to report malware, ransomware, denial-of-service attacks and unauthorised access. Ransomware has doubled in prevalence year on year and is now estimated to affect 19,000 businesses.

At the same time, board-level responsibility for cyber security has fallen. The figures cited show that 38% of businesses had a board member responsible for cyber security in 2021, compared with 27% in 2025.

"For larger businesses, it can feel difficult to monitor and manage cyber threats across the organisation. However, senior leaders need to take more responsibility. Putting the right security protocols in place could be the difference between losing thousands and protecting the business from potential attacks," Pickett said.

He warned that rising cyber risk combined with falling board-level accountability was "a dangerous combination, and a costly one". He added: "There needs to be greater ownership of cyber risk. With headlines about security breaches becoming more common, this should be a wake-up call for business owners and board-level executives to be proactive."

Basic controls

More than 42% of businesses sought external cyber security guidance in the past 12 months. Medium-sized businesses were the most likely to seek advice at 69%, followed by small businesses at 56%, large businesses at 51%, micro businesses at 38%, and charities overall at 37%.

Pickett said many firms already use malware software, firewalls and backups, but argued that stronger controls are still not widely adopted.

"Many businesses have basic protections, such as malware software, firewalls and backups, but adoption of stronger controls remains low. The study showed that only 40% of UK businesses use two-factor authentication, 31% use a VPN for remote staff, and 30% monitor user activity. If you lack 2FA, secure remote access or monitoring tools, you are significantly more exposed to account takeover and fraud," Pickett said.

He added that businesses unsure how to prepare for a cyber security breach should consider hiring dedicated staff or using external specialists.

"Cyber attacks are no longer rare events. They are recurring business risks. The question isn't whether you will be targeted, but whether you're prepared when it happens," Pickett said.