London, April 30, 2026
A new UK government cybersecurity report has revealed that nearly half of businesses in the country experienced a cyber incident over the past year, with phishing attacks continuing to dominate as the primary entry point for attackers.
According to the latest Cyber Security Breaches Survey 2026, around 43 percent of UK businesses and 28 percent of charities reported at least one cyber breach or attack within the last 12 months. This translates to approximately 612,000 businesses and 57,000 charities being affected, highlighting the persistent scale of the threat.
Phishing Remains the Leading Cause
The report makes it clear that phishing is by far the most common method used by attackers. Around 85 percent of organizations that reported a breach said phishing played a role in the incident.
These attacks typically involve impersonation emails that trick employees into:
- Clicking malicious links
- Opening infected attachments
- Entering login credentials on fake websites
- Sharing sensitive information
Despite increasing awareness of cybersecurity risks, phishing continues to succeed because it targets human behavior rather than technical vulnerabilities.
Frequency of Attacks Increasing
For many organizations, cyberattacks are not isolated incidents. The report shows that among businesses that experienced breaches, about one in four said attacks occurred at least once a week.
Charities are also seeing an increase in attack frequency. The proportion reporting weekly incidents has risen from 18 percent to 26 percent over the past year.
This trend indicates that cyber threats are becoming more persistent and frequent, rather than occasional disruptions.
Security Measures Improving, But Gaps Remain
There are signs that organizations are making efforts to strengthen their cybersecurity posture. Around 60 percent of medium and large businesses reported having a formal cybersecurity policy in place.
Other improvements include:
- Increased use of incident response plans
- Growing adoption of cyber insurance
- Basic security tools such as firewalls and malware protection
However, the report also highlights significant gaps, particularly among smaller businesses.
Basic Protections Not Fully Implemented
While many organizations have implemented basic security measures, adoption is not consistent across the board.
At least two-thirds of businesses reported having:
- Updated malware protection
- Cloud backups
- Password policies
- Firewalls
- Restricted administrative access
But more advanced protections are less common. Fewer organizations reported using:
- Two-factor authentication (2FA)
- Formal data backup policies
- VPNs for secure access
- User activity monitoring
This uneven implementation leaves many systems exposed to avoidable risks.
Decline in Security Practices Among Small Businesses
One of the more concerning findings is a decline in cybersecurity practices among small businesses.
The proportion conducting regular cybersecurity risk assessments has dropped to around 40 percent. This suggests that earlier improvements in awareness and preparedness may not be sustained over time.
Small businesses often lack dedicated security resources, making them more vulnerable to attacks.
Ransomware Policies Still Unclear
The report also highlights uncertainty around ransomware response strategies.
Around 49 percent of businesses and 34 percent of charities stated that they have a policy of not paying ransom demands. However, a significant number of organizations remain unsure about their approach.
Approximately one-quarter of businesses and one-fifth of charities said they do not know what their ransomware policy is, indicating a lack of preparedness for such incidents.
Supply Chain Risks Overlooked
Another major concern is the limited focus on supply chain security.
Only:
- 15 percent of businesses review risks posed by direct suppliers
- 6 percent assess risks across the wider supply chain
Charities show even lower engagement in this area.
This is significant because attackers often exploit weaker links in supply chains to gain access to larger organizations.
Data Protection Still Inadequate
The report also points to weaknesses in data protection practices.
Around 14 percent of businesses and 22 percent of charities admitted they store personal data without proper protection such as encryption or anonymization.
This increases the potential impact of a breach, as attackers may gain access to sensitive and usable information.
The Human Factor Remains the Weakest Link
One of the key takeaways from the report is that human error continues to play a central role in cybersecurity incidents.
Even with advanced technologies available, simple actions like clicking on a phishing email can lead to major breaches.
This highlights the importance of:
- Regular employee training
- Awareness programs
- Simulated phishing exercises
Technology alone cannot fully prevent attacks if users are not adequately prepared.
Conclusion
The UK Cyber Security Breaches Survey 2026 presents a clear picture: cyber threats remain widespread, and phishing continues to be the most effective attack method.
While organizations are taking steps to improve their defenses, gaps in implementation, awareness, and policy continue to leave many vulnerable.
The findings reinforce a critical message for businesses of all sizes — cybersecurity is not just a technical issue, but a continuous process that requires attention, investment, and user awareness.
