Almost half (43%) of UK businesses have suffered a cyber breach in the past year. That equates to approximately 612,000 businesses according to the UK Government’s Cyber Security Breaches Survey 2025, yet fewer than half are using basic protections like two-factor authentication.
In fact, the average cost per business is a shocking figure: £990 per cyber crime (excluding phishing), £5,900 average cost per cyber-facilitated fraud, £10,000 when excluding zero-loss cases.
It can be difficult to spot when you or your business may be at risk of a cyber attack, as hackers become more and more sophisticated with modern technology.
Cybersecurity expert Andy Pickett, Chief Technology Officer at The Business Hub, has offered some key advice on how to spot the warning signs of an attack and how to avoid being caught out.
Sectors Becoming Hacker Hotspots
The study found that some sectors were more susceptible to cyber security attacks than others. Information and communication businesses were the most affected, with 69% of those in the sector experiencing some sort of attack in the last 12 months. But why is this?
Chief Technology Officer, Andy Pickett, at The Business Hub says, “Information and communications businesses are prime targets because they sit at the centre of multiple client networks. Hackers don’t just want their data, they want access to everyone connected to them. Because of this, hackers may target them to access critical information as a stepping stone to hacking other businesses too. This is why it is so important to implement the correct training on how to spot a security breach, such as phishing emails.”
Businesses most affected by cyber attacks in the past 12 months:
- Information or communications: 69%
- Professional, scientific or technical: 55%
- Administration or real estate: 48%
- Finance or insurance: 48%
- Utilities or production: 48%
Phishing Emails Most Common Cyber Security Risk
Phishing was responsible for 54% of cyber-facilitated fraud cases, often leading to malware infections, ransomware attacks, bank account hacking, and even account takeovers. Phishing emails are increasing in frequency with 29% of businesses experiencing attacks, reporting them weekly or more.
Andy advises: “Phishing remains the single biggest gateway into UK businesses. If your team isn’t trained to question urgency and verify payment requests, you’re exposed. But, if you can spot telltale signs, it may be helpful when trying to inform your staff or colleagues. You may see more ‘urgent’ emails from your staff but they almost always require some sort of payment or login details to access company confidential information.”
“Increasing amounts of emails impersonating directors, suppliers or management are also a common sign of hackers. The best way to avoid this is to evaluate if the email is ‘typical’ of the person. If the director of the company doesn’t usually contact you or the tone of voice is slightly off, it is best to report it to ensure you aren’t a victim of a security breach.”
“You should also always check if the email domain is correct. Check your previous email chains to ensure they match up. Slight variations such as .co instead of .com are likely. To avoid phishing emails becoming a problem in your business, training staff is key.”
Impersonation of Your Business or Staff
Impersonation was the second most disruptive attack type (18%) and often stems from phishing emails. A third (34%) of businesses experiencing breaches reported impersonation attacks, and this rises to 51% among small businesses.
Andy continues, “Luckily, there are some warning signs that a hacker may be impersonating you or your business. You may notice customers or suppliers querying emails you didn’t send, an increase in fake social media profiles, and slight changes in invoice details.”
“Being vigilant is the most important action to take. Spending more time checking details of invoices or monitoring your social media profiles is cost-effective and could prevent a cyber attack going further than it needs to.”
Larger Businesses Need to Take Responsibility
The research has shown that the larger your business, the more likely you are to be targeted by cyber crime. In fact, 52% of larger businesses experienced a cyber attack in the last 12 months compared to just a quarter of small businesses and only 18% of micro businesses.
The research found that larger businesses experienced more malware, ransomware, and denial of service attacks, as well as unauthorised access.
Ransomware has doubled in prevalence year-on-year (now affecting an estimated 19,000 businesses).
Andy advises, “If you are a larger business, it can feel difficult to monitor and navigate possible cyber threats throughout your organisation. However, senior leaders need to take more responsibility for this. Putting in place the correct security protocols could be the difference between losing thousands or protecting your business from potential attacks.”
Board-level responsibility for cyber security has steadily declined among businesses since 2021: 38% of businesses had a board member with responsibility for cyber security in 2021, compared to 27% in 2025.
Andy continues, “Cyber risk is rising, but board-level accountability is falling. That’s a dangerous combination, and a costly one. In order to protect the business, there needs to be more responsibility for a potential attack. With headlines around security breaches becoming more prevalent, this should be a wake-up call to business owners and board-level executives to be proactive”.
Basic Controls Can Reduce Risk
Over 42% of businesses sought external cyber security guidance in the past 12 months. But when breaking it up by the size of the business, medium businesses seem to be the most proactive in trying to prevent the problem.
Size of businesses seeking cyber security advice:
- Medium businesses: 69%
- Small businesses: 56%
- Large businesses: 51%
- Micro businesses: 38%
- Charities overall: 37%
Andy says, “Many businesses have basic protections (malware software, firewalls, backups), but adoption of stronger controls remains low. The results from the study further showed that only 40% of UK businesses use Two-Factor Authentication (2FA), 31% use a VPN for remote staff, and 30% monitor user activity. If you lack 2FA, secure remote access, or monitoring tools, you are significantly more exposed to account takeover and fraud.”
“If you are unsure how to ensure your business is equipped for a possible cyber security breach, it may be best to hire dedicated staff or use external organisations who are experts in the field.”
“Cyber attacks are no longer rare events. They are recurring business risks. The question isn’t whether you will be targeted, it’s whether you’re prepared when it happens.”
The Business Hub has created an SME Cyber Risk Checklist to help businesses prepare for any potential security breaches. https://thebusinesshub.co.uk/sme-cyber-risk-checklist-protect-your-business-from-phishing/
The post Nearly Half of UK Businesses Experiencing Cyber Security Breaches: Experts Reveal How to Avoid Becoming a Victim first appeared on HR News.

