Almost half of UK businesses hit by cyber attacks

The general cyber security threat to UK organisations remains “widespread and significant” with 43% of businesses, 28% of charities and 69% of large firms having suffered either a data breach or cyber attack in the past year, and 29% of respondents saying they were experiencing incidents at least once every week.

This is according to the UK government’s latest Cyber Security Breaches Survey for 2025-26, which comes at the tail-end of a 12 month period that saw a series of high-profile incidents targeting the likes of Marks & Spencer, Co-op Group, and Jaguar Land Rover, as well as amid elevated concern over the impact of offensive artificial intelligence (AI) – which was the subject of a warning from government ministers earlier in April.

“These figures are a stark reminder of the importance of having robust cyber security measures. All business leaders should be gripping this issue and taking action now, especially as AI is making the threat more acute. Quite simply, firms cannot afford not to take these steps,” said cyber security minister Liz Lloyd.

Lloyd has today written to the CEOs and chairs of over 180 of Britain’s largest businesses to urge as many as possible to sign on to the government’s Cyber Resilience Pledge, which was announced at the National Cyber Security Centre’s (NCSC’s) annual CyberUK conference in April and is set to launch later in the year.

Organisations signing up to the Cyber Resilience Pledge will have to take three firm actions to improve their security:

• Make cyber security a board-level responsibility;

• Sign on to the NCSC’s Early Warning service, which is free;

• Obtain the NCSC’s Cyber Essentials certifications across their supply chains.

Lloyd said that doing so would help businesses significantly strengthen their defences and keep themselves, their customers, and the wider economy, safe. “Businesses are not powerless,” she said.