Cyber Breaches Survey

When the Department for Science, Innovation and Technology (DSIT) released the Cyber Security Breaches Survey 2025/2026 on the 30th April, it provided another useful snapshot of how UK organisations are approaching cyber security, cyber risk and resilience.

The survey, commissioned in partnership with the Home Office, looks at cyber security experiences and practices across UK businesses, charities and educational institutions. As with previous years, the findings show that cyber security continues to be a common operational challenge for organisations of all sizes, although there are some notable shifts in priorities, attack trends and resilience activity.

One of the key findings from this year’s report is that 43% of UK businesses and 28% of charities reported experiencing some form of cyber security breach or attack during the last 12 months. This equates to approximately 612,000 businesses and 57,000 charities across the UK.

Phishing continues to be the most common form of attack by a significant margin. The survey found that 38% of businesses and 25% of charities experienced phishing attempts, with phishing also being identified as the most disruptive type of incident among organisations that experienced a breach.

Interestingly, among businesses and charities that reported experiencing a breach, the proportion affected only by phishing attacks increased compared with previous years. The report suggests this may reflect how easy phishing campaigns have become for attackers to distribute at scale, particularly as tools using artificial intelligence become more accessible.

This aligns with a broader trend many organisations are already seeing internally. Phishing emails, impersonation attempts and fraudulent supplier communications are becoming more convincing, more targeted and more difficult for users to identify. While ransomware often attracts the most attention publicly, the survey actually found ransomware attacks declined this year, with only 1% of businesses reporting ransomware incidents compared with 3% in each of the previous two years.

The survey also found that impersonation attacks have declined over the longer term, dropping from 17% in 2023 to 12% this year. While this is a positive trend, phishing and social engineering continue to account for the majority of incidents organisations experience.

Alongside attack trends, the report provides useful insight into how organisations are managing cyber risk internally.

Only around 30% of businesses and 27% of charities said they had carried out a cyber security risk assessment. This figure has remained broadly unchanged compared with the previous year, suggesting that many organisations still do not have a formal process for identifying vulnerabilities, operational dependencies or resilience gaps.

For organisations reviewing their cyber posture, this is often one of the most important starting points. Without a clear understanding of where risks exist, it becomes much harder to improve resilience or demonstrate an understanding of cyber risk to customers, insurers or suppliers.

This is also reflected in the survey’s findings around supply chain security.

Only 15% of businesses said they formally reviewed the cyber security risks posed by immediate suppliers, while just 6% assessed risks across their wider supply chain.

Among charities, the figures were even lower.

This is particularly relevant given the increasing operational dependence many organisations have on external platforms, managed service providers, SaaS tools and cloud infrastructure. High-profile incidents affecting organisations such as Marks & Spencer and Co-op during the past year have also increased awareness of how cyber incidents can affect operations, suppliers and customer services beyond the directly impacted organisation.

The survey notes, however, that despite several major public cyber incidents during 2025/2026, there has not been a substantial economy-wide increase in cyber resilience activity.

One area where there has been some progress is Cyber Essentials adoption.

The proportion of businesses holding Cyber Essentials certification increased from 3% to 5% overall, with larger increases among small and large businesses. The survey’s qualitative interviews also found that many organisations now view Cyber Essentials and Cyber Essentials Plus as practical frameworks for improving baseline security controls rather than purely compliance exercises.

This reflects a wider shift toward organisations looking for clearer and more measurable ways to assess resilience and cyber maturity.

The survey also highlighted the challenges smaller organisations still face when accessing cyber guidance.

Many said existing guidance can feel too technical or too heavily focused on larger organisations with dedicated internal security teams. Some businesses reported relying heavily on IT providers or informal advice because they lacked confidence in interpreting cyber guidance themselves.

This is important because SMEs continue to face many of the same risks as larger organisations, often without the same internal resources or governance structures.

Another area explored in this year’s survey was artificial intelligence.

Around a third of businesses and a quarter of charities said they were either using AI, adopting AI or actively considering implementation. However, only around a quarter of those organisations reported having cyber security processes or controls specifically designed to manage AI-related risks.

As AI adoption continues to increase, organisations are beginning to assess issues such as:

The survey suggests many organisations are still in the early stages of developing governance around these areas.

Cyber insurance was another area showing continued growth.

Almost half of businesses reported having some form of cyber insurance, with medium and small businesses more likely than average to hold cover. Interestingly, the survey found that organisations increasingly value insurers not only for financial protection, but also for access to guidance, incident support and cyber expertise.

One of the more consistent themes throughout the report is that cyber security is gradually becoming more integrated into wider operational decision-making.

Businesses in sectors such as finance, insurance and real estate were significantly more likely than average to treat cyber security as a high priority, often reflecting the volume of sensitive data they process and their reliance on digital systems.

The survey also found that organisations continue to seek external cyber guidance, although smaller businesses in particular still want clearer, more practical and more actionable advice.

This is an area where practical tooling and measurable resilience assessments can provide value, particularly for organisations that may not have dedicated internal cyber teams.

Overall, the Cyber Security Breaches Survey 2025/2026 does not suggest a dramatic increase in attacks across the UK economy. Instead, it highlights the continuation of several long-term trends:

For many organisations, the challenge is no longer recognising that cyber security matters. The challenge is understanding how to prioritise improvements, measure resilience and make cyber risk management practical and sustainable over time.

Many of the issues highlighted throughout the Cyber Security Breaches Survey 2025/2026 are areas Cyber Toolkit is specifically intended to support.

For example, with phishing continuing to dominate the threat landscape, organisations need better visibility of user risk, awareness gaps and operational vulnerabilities. Cyber Toolkit helps organisations assess and improve baseline cyber resilience through practical guidance, structured assessments and measurable security improvements that can be implemented without requiring a large internal cyber team.

The survey also highlighted that many organisations still do not carry out formal cyber risk assessments or adequately review supply chain risks. Cyber Toolkit helps organisations better understand their current security posture, identify resilience gaps and prioritise improvements in a more structured and manageable way. This is particularly important for SMEs and charities, where the survey found organisations often struggle with overly technical guidance or limited internal expertise. Practical tooling that translates cyber security into understandable operational actions can help bridge that gap significantly.

By providing accessible, practical and measurable cyber resilience support completely free of charge to UK organisations, Cyber Toolkit has the potential to directly address many of the capability gaps, governance challenges and resilience issues identified throughout this year’s Cyber Security Breaches Survey.