Fall in number of cyber attacks on UK small businesses, but firms warned to remain vigilant
Posted: Fri 11th Apr 2025
Cyber attacks suffered by small businesses have reduced over the last year, with 35% of micro firms and 42% of small businesses experiencing a breach.
The findings from the government's annual cyber security breaches survey compare to 40% of micro businesses and 49% of small businesses hit by a cyber attack in 2024.
As a result of this decrease, the overall figures for all businesses fell from 50% (718,000 UK businesses) last year to 43% (612,000 UK businesses) in 2025.
The report estimated that the average cost of breaches for businesses was £1,600, with phishing the most prevalent and disruptive type of attack.
The study said interviews with survey respondents highlighted that businesses are increasingly conscious that sophisticated methods, such as AI impersonation, are becoming mainstream.
There was also a significant increase in businesses reporting temporary loss of access to files or networks as a result of cyber attacks (7% in 2025, compared to 4% in 2024).
Cyber security protection
The report said there has been an improvement among small businesses in several cyber security practices.
This includes increased uptake of cyber security risk assessments (48%, up from 41% in 2024), cyber insurance (62%, up from 49% in 2024), formal policies covering cyber security risks (59%, up from 51% in 2024), and business continuity plans addressing cyber security (53%, up from 44% in 2024).
Despite this increase, the report highlighted declining awareness of government cyber security advice campaigns. It found that 24% of businesses were aware of the National Cyber Security Centre's Cyber Aware initiative, compared to 34% in 2021, and only 12% were aware of Cyber Essentials.
The findings follow another report released this week by Vodafone Business.
It found that over a quarter of respondents admitted that a single attack could put them out of business.
However, despite these risks, the study said 38% of SMEs invest less than £100 a year in cyber security, 32% have no protections at all, and 52% of employees have received no cyber security training.
The research also found that more than two thirds of businesses have staff regularly working from home or other off-site locations, which leaves them open to attack.
Vodafone said a targeted SME cyber security strategy and campaign should be introduced to support uptake, and schemes such as the Cyber Local scheme should be expanded to increase the number of protected small businesses.
The report also said government should incentivise cyber security investment through a new cyber security capital allowance scheme, and encourage the uptake of public/private partnerships to foster knowledge sharing and collaboration.
Nick Gliddon, CEO at Vodafone Business UK, said:
"In today's rapidly evolving digital landscape, cyber threats are becoming more sophisticated, and SMEs are increasingly in the crosshairs of cybercriminals. Investing in robust cybersecurity is no longer optional - it is a business imperative for protecting sensitive data, maintaining customer trust, and ensuring long-term resilience.
"At Vodafone Business, we understand the critical role SMEs play in driving innovation and growth, and we are committed to equipping them with the right tools and expertise to stay protected. However, SMEs cannot tackle this challenge alone.
"Greater collaboration between businesses, industry leaders, and government authorities is essential to providing these businesses with the resources, education, and support they need to strengthen their cyber defences.
"By working together, we can create a safer, more secure digital environment that empowers SMEs to grow with confidence in an increasingly connected world."
Relevant cyber security resources
A small business guide to cyber security