The shocking reason 43% of UK businesses have been hit by cyber attacks last year
Date:
Wed, 27 May 2026 14:12:13 +0000
Description:
Why some organizations are more exposed to cyber attacks than others.
FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Cybersecurity in the UK is
often framed as a national issue, and thats true, but that risk has never
been evenly spread.
Exposure to cybercrime varies significantly between organizations, shaped
less by geography and more by how businesses are structured, governed and prepared. According to the Cyber Security Breaches Survey 2025, 43% of UK businesses and 30% of charities reported experiencing a cyber breach or attack, which translates into an estimated 8.58 million crimes against businesses and another 453,000 affecting charities. Latest Videos From You
may like Regulatory whiplash: Why cyber resilience is now a governance imperative Cyber resilience defines SME competitiveness Reported ransomware incidents are just the tip of the iceberg Mark Edgeworth Social Links Navigation
CEO at Hicomply. Alongside that, the Cifas Fraudscape 2025 Report shows that more than 421,000 fraud cases were recorded in 2024, along with billions in losses.
An interesting question is why some organizations are consistently more exposed than others. Exposure is not random Clear patterns begin to emerge when you look at the underlying drivers of exposure.
Regions with a high concentration of SMEs tend to carry more risk. Smaller organizations often dont have the luxury of dedicated security teams or
mature governance structures, so they move quickly, adopt new systems as they go and build complexity without always building control alongside it. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
On the sector front, areas with strong footprints in financial services, retail, healthcare or education are naturally more attractive targets because of the data they hold. However, some of the most damaging incidents over the past year have taken place in less scrutinized sectors, particularly charities, nurseries and care organizations, where the data is deeply
personal and the consequences far more human.
Then theres maturity. Some regions benefit from stronger digital ecosystems, deeper talent pools and a more embedded understanding of cyber risk, whilst others are still catching up, particularly where digital transformation has outpaced governance.
Put those factors together and exposure starts to look more like a by-product of how organizations are built and managed. What to read next Britain's compliance blind spot AI powers innovation but its also powering the next wave of cyber attacks When confidence becomes a risk: The gap between cyber resilience readiness and reality From cyber incidents to compliance failures Over the past 12 months, weve seen that when something goes wrong, attention quickly shifts from how the attack happened to whether the organization had the right controls in place, whether risks were properly understood and whether recognized standards were being followed. This shift brings implications for regulation, customer trust and long-term business performance.
Of the businesses and charities who experienced at least one cyber crime in the past year, a smaller but significant proportion saw those incidents translate directly into fraud. That link between breach and financial loss is tightening, and with it, expectations around accountability. Why frameworks are becoming the dividing line The organizations that come through incidents strongest are those that put the structure in place long before anything goes wrong, with frameworks like ISO 27001 forcing organizations to think about risk in a systematic way. They require clear ownership, defined controls and ongoing review, not just a one-off effort, creating a baseline that can be evidenced. That distinction is becoming critical.
Businesses are now expected to prove that they take security seriously, whether thats to a regulator, customer or investor. Without that proof, organizations are finding themselves on the back foot before an incident even occurs.
Were also seeing this reinforced through frameworks like CAF and emerging standards around AI governance, where the expectation is demonstrable, auditable resilience. The commercial reality of poor compliance Theres still
a tendency in some organizations to treat compliance as something to be dealt with later or once growth is established, but investors wouldnt accept weak financial controls in a business and theyre increasingly applying the same logic to cybersecurity and compliance.
Organizations with strong compliance frameworks are finding it easier to win new business, particularly in sectors where data security is critical, which opens doors to new markets and supply chains. On the other hand, those that delay are starting to feel the effect, with more questions, more friction and in some cases, missed opportunities. A more realistic view of organizational risk The idea that some regions are more at risk can be misleading if its taken at face value, because geography isnt the root cause. What were really seeing is variation in how organizations approach governance, risk and compliance.
Regions with higher exposure are often home to businesses that are earlier in their maturity journey or operating in sectors where the pace of change has outstripped the controls around it. Thats important, because it means the gap is addressable. What leadership teams should take from this The starting
point is visibility, knowing where your risks sit and how they could materialize. What follows is the discipline to put structure around them, whether thats through recognized frameworks, clearer ownership or more consistent oversight.
Organizations that manage incidents well have a level of preparedness that comes from having thought these scenarios through in advance. That
preparation shows up in how quickly decisions are made, how clearly responsibilities are defined and how confidently the business can respond under pressure.
Compliance sits at the center of that, as a way of bringing consistency, accountability and proof into how the organization operates. The ability to evidence good practice is becoming just as important as the controls themselves.
Cyber risk may be a national conversation, but its impact is always local to the organization experiencing it. Leadership teams that recognize that, and act early, are the ones who keep control when others are trying to regain it. We've reviewed the best Antivirus Software . This article was produced as
part of TechRadar Pro Perspectives , our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:
https://www.techradar.com/pro/perspectives-how-to-submit
======================================================================
Link to news story:
https://www.techradar.com/pro/the-shocking-reason-43-percent-of-uk-businesses- have-been-hit-by-cyber-attacks-last-year
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)