Comprehensive analysis of emerging threats and critical insights from the Government's Cyber Security Breaches Survey
A data-driven analysis of cyber threats facing British businesses and charities
Phishing remains the dominant threat, with 85% of breached businesses experiencing attacks. Despite a decline from 42% (2024) to 37% (2025), phishing is rated as the most disruptive breach type by 65% of organisations.
AI-powered phishing has changed the landscape. Modern attacks feature perfect grammar, personalisation, and are increasingly difficult to detect. New vectors include AI voice cloning, deepfake video in BEC schemes, and highly targeted spear-phishing.
The most concerning 2025 trend: ransomware doubled from <0.5% (2024) to 1% (2025), approximately 19,000 UK businesses affected. While the percentage seems small, ransomware is the most devastating attack form, with recovery times extending to weeks or months and costs frequently exceeding £100,000.
Businesses experiencing ransomware: <0.5% → 1% (doubled)
Estimated affected businesses: <7,000 → 19,000
The doubling demands urgent attention from UK businesses.
Essential protections: Immutable offline backups tested monthly, network segmentation, endpoint detection tools, privileged access management, and incident response retainers.
Small businesses showed improvements: risk assessments up to 48% (from 41%), cyber insurance to 62% (from 49%), and formal policies to 59% (from 51%). However, breach detection declined for micro (47% → 41%) and small (58% → 50%) businesses.
Only 14% of businesses reviewed their immediate supplier risks, and just 7% examined their wider supply chains. This critical blind spot persists despite major 2025 third-party breaches affecting TalkTalk (18.8M records), NTT Communications (thousands of UK businesses), and Cleo Software (multi-million breach).
Why neglected: Complexity of mapping dependencies, lack of leverage with larger suppliers, assumptions about established brands, cost/time for assessments, and absence of standardised questionnaires.
Practical measures: Require Cyber Essentials from critical suppliers, include security in procurement contracts, conduct annual vendor reviews, maintain third-party access inventory, and establish incident notification requirements.
Despite concerns, 2025 showed progress: small business maturation across metrics, 75% of large businesses with incident response plans, gradual 2FA growth (40% businesses, 92% large businesses), cyber insurance normalisation (45% overall), and reduced phishing prevalence.
The 2025 landscape presents mixed signals. While small businesses adopt better practices and phishing declines, ransomware doubling, supply chain neglect, and charity resource constraints paint a concerning picture.
Three critical takeaways:
1. The sophistication gap is widening between well-resourced large organisations and struggling smaller businesses/charities.
2. Human factors remain decisive: phishing's dominance (85% of breaches) shows that behaviour remains both the weakest link and the most important defence.
3. Preparation beats reaction: organisations with formal plans consistently show better outcomes.
Cyber security cannot be treated as an IT problem. It is a fundamental business risk requiring board attention, adequate resourcing, and integration into all operations. Organisations recognising this will thrive in an increasingly digital and threat-laden environment.
Based on the UK Government's Cyber Security Breaches Survey 2025 (DSIT and Home Office), which interviewed 2,180 businesses and 1,081 charities between August and December 2024.
CyberGP provides expert guidance on all aspects covered here. Contact us for ISO 27001 audits, penetration testing, phishing simulations, or strategic consultation.
Free consultation: info@cybergp.co.uk