SMEs boost cyber resilience while larger firms struggle

The latest Cyber Security Breaches Survey paints a mixed picture of resilience, with a notable disparity between SMEs and larger businesses.

While fewer small and micro-businesses reported breaches compared to last year, the overall threat landscape remains challenging, particularly for larger organisations, with a notable rise in ransomware crime targeting businesses.

The survey – commissioned by the UK Department for Science, Innovation and Technology (DSIT) and the Home Office – found that just over four in ten businesses (43%) and three in ten charities (30%) identified a cyber security breach or attack in the last 12 months. This translates to roughly 612,000 businesses and 61,000 charities experiencing incidents.

SME breaches decline, but large firms need to improve cyber resilience

The overall decrease in breach prevalence for businesses (down from 50% in 2024) was primarily driven by fewer micro (41% down from 47%) and small businesses (50% down from 58%) identifying attacks, particularly phishing.

However, the prevalence among medium (67%) and large (74%) businesses remained stubbornly high and consistent with the previous year. This shows the pressing need for cyber resilience improvements.

Phishing remains the undisputed king of cyber attacks, experienced by 85% of businesses and 86% of charities that suffered any breach. This equates to 37% of all UK businesses and 26% of charities facing phishing attempts in the past year.

Qualitative interviews highlighted phishing’s disruptive nature, often proving time-consuming due to the sheer volume and need for investigation. Worryingly, organisations noted a “growing consciousness that increasingly sophisticated methods, such as AI impersonation, were becoming mainstream.”

Nathaniel Jones, VP of Security & AI Strategy at Darktrace, said: “While it is encouraging to see an increase in the number of businesses taking action to minimise risks – including risk assessments, creating formal policies and taking out cyber insurance policies – the threat is only increasing.

“The rising use of AI by attackers combined with the continued popularity of cybercrime as-a-service (CaaS) ecosystems, that provide attackers with pre-made malicious tools and services, is increasing the speed, scale, and sophistication of cyber-attacks.”

The rise in ransomware and business impacts

While overall cyber crime prevalence (defined using the Computer Misuse Act 1990) remained steady for businesses (20%) and charities (14%) compared to 2024, the report highlights a significant increase in ransomware crime specifically targeting businesses.

The estimated percentage of all businesses experiencing a ransomware crime (where a financial demand was made) doubled from less than 0.5% in 2024 to 1% in 2025. This equates to approximately 19,000 businesses facing ransomware demands in the past year.

Etay Maor, Chief Security Strategist at Cato Networks, commented: “To combat the rise in ransomware, organisations should implement a multi-layered security architecture that combines threat intelligence feeds, heuristic analysis, and advanced machine learning to detect and block attacks at various stages.

“This includes preventing initial infiltration through phishing, as well as limiting the spread of ransomware within the network.”

Although most breaches (around 84%) did not result in a direct negative outcome like data or financial loss, specific impacts are shifting.

Businesses saw a significant rise in temporary loss of access to files or networks (7%, up from 4% in 2024), while charities experienced increased loss of access to third-party services (5%, up from 1% in 2024).

The average self-reported cost for the most disruptive breach was estimated at £1,600 for businesses and £3,240 for charities (including £0 responses). Excluding £0 responses, these figures jump to £3,550 and £8,690 respectively. Cyber-facilitated fraud costs were even higher, averaging £5,900 per affected business.

Cyber hygiene and governance concerns

On a positive note, small businesses improved their cyber hygiene, with increased uptake of risk assessments (48% up from 41%), cyber insurance (62% up from 49%), formal policies (59% up from 51%), and business continuity plans covering cyber (53% up from 44%).

However, high-income charities saw declines in risk identification activities (75% down from 86%) and having formal strategies (39% down from 47%), potentially linked to budget constraints. Basic technical controls like malware protection and firewalls are common, but adoption of measures like two-factor authentication (40% businesses, 35% charities) remains lower.

Jack Kerr, Director at Appdome, said: “Organisations have little control over what mobile apps employees install on their personal devices … However, businesses can – and must – control the security of their own enterprise mobile applications. If attackers breach initial defences, robust app-level protections can stop them at the next gate.

“To prevent these devastating scenarios, organisations should implement AI-native security measures within corporate mobile apps, proactively detecting and stopping threats in real time. Embedding AI-driven defences directly into commercial and custom enterprise mobile apps is essential to stay ahead of increasingly sophisticated attacks, ensuring corporate networks and systems remain protected behind multiple layers of security.”

Concerningly, the survey revealed a steady decline in board-level responsibility for cyber security and resilience among businesses since 2021 (down from 38% to 27%).

Supply chain risk management also remains an area of weakness, with only 14% of businesses and 9% of charities formally reviewing risks from immediate suppliers. Awareness of government guidance like NCSC campaigns and Cyber Essentials remains limited, particularly among micro-businesses.

Maor concluded, “Organisations must be regularly reviewing security events and leveraging extended detection and response (XDR) tools to investigate and mitigate attacks effectively.

“This proactive approach, coupled with strong leadership and a focus on supply chain security, is crucial for building resilience against the growing threat of ransomware and other cybercrimes.”

Maor also suggests these findings should inform the upcoming Cyber Security and Resilience Bill, particularly regarding AI-powered attacks.

(Photo by Ken Whytock)
