43% of businesses suffer cybersecurity attacks & these are the biggest concerns

The UK cyber security breaches survey for 2025 was unveiled at the start of April, and it threw up some interesting facts and figures regarding the state of business security. As the title of this post alludes to, the main headline was that 43% of all businesses reported at least one cybersecurity attack within the last 12 months. What’s even more interesting is that this figure rises to 50% for small businesses, 67% for medium businesses and a whopping 74% for large businesses. In other words, the bigger the business, the more cyber threats it faces.
There’s a ton of information to take from this survey, though the most intriguing part deals with the type of cybersecurity breaches and threats a business is likely to face. We’ve got the data with us to reveal what your biggest concerns should be as you move forward in 2025 and beyond.
1. Phishing attacks
The survey reveals that 85% of all businesses reported phishing attacks – or attempted phishing attacks – during the last twelve months. That’s by far and away the largest percentage from this study, proving that this is the biggest security concern for the modern enterprise.
To clarify, phishing attacks are any cyberattacks that use fraudulent messages or links to trick individuals into sharing sensitive data. It’s extremely easy for anyone to fall victim to one of these attacks, though the consequences are severe when you’re tied to an organisation. One of the most common problems is an employee falling for a phishing attack and accidentally sharing sensitive data with a cybercriminal, or doing something that opens a gate for the criminal to hack into the system.
Phishing incidents often result in data breaches that can harm a business’s relationship with its customers, while also leading to a loss of money. Robust cybersecurity systems can try to mitigate these attacks, but the best approach is to train employees to identify phishing scams and learn to avoid them.
2. Identity theft (both online & in person)
Identity theft is second on the list, with 34% of businesses admitting it was a problem in the last year. What’s worrying about this is that it refers to identity theft both online and in person. Online identity theft is what most people associate with this cybercrime; someone impersonates your company online and contacts your customers or sets up a fraudulent website that siphons data and makes your business look bad.
However, in-person identity theft is a growing problem that leads to more physical security breaches. What happens is a criminal walks up to your premises and pretends to be an employee, bypassing the front-of-house security systems. They can use clever devices to replicate the wireless signals needed to unlock an access control lock. There may even be multiple parties working together, with a hacker remotely unlocking the system to let the individual into your building, where they can essentially steal as much information as they want.
It’s a legitimate concern that can only be addressed by modern and secure access control systems that protect against emerging cybersecurity threats. Hacker-proof access control prevents in-person identity theft, meaning you only have to worry about the online stuff. This can be even harder to control; you’ll need good communication to broadcast information to customers and consumers, explaining when or how you’ll contact them. Let them know how to spot fraudulent messages – and also have a security team scour the web to take down any fraud websites that are up in your name.
3. Malware
Malware is a term that describes any kind of software designed to damage your computer system, networks or devices. That definition is taken from the National Cyber Security Centre, and it includes things like viruses or spyware. Looking back at the original cybercrime survey, we can see that 18% of businesses experienced issues with malware in the past twelve months.
Specifically, the company’s devices are being targeted by malware in the form of viruses or spyware that steals data from the business or causes downtime. This can often lead to something else – which we’ll discuss when we get to the fourth biggest concern on this list. Regardless, spyware remains a big concern because it allows outsiders to gain access to a company’s private data and information. The criminal can then sell this data on the Dark Web for money, potentially leaking some of your biggest secrets for others to steal.
It’s genuinely possible for malware to stop your business in its tracks. Perhaps some hidden spyware finds documents for an upcoming new product release, and they get shared with other businesses behind your back. Those businesses can then take these ideas and get ahead of you to release either the same product or an improved version. The only real way to prevent malware attacks is with a robust anti-malware platform that always stays updated to deal with the latest threats.
4. Takeover attempts & ransomware
The survey technically lists takeover attempts and ransomware as two separate incidents. 7% of businesses saw takeovers or attempts to take over their social media/email accounts, while 6% saw their devices targeted with ransomware. Both were particularly problematic for small businesses, as they stunted growth for a lot of companies in the country.
While takeover attempts and ransomware are two different threats, they both serve the same end goal: to force businesses to pay money. Hackers will take over social media accounts or email addresses and demand payment if the business wants its accounts back. It puts the company in a terrible position; do they give in or set up new accounts and deal with the stress of communicating this information to consumers? Similarly, some cyber criminals will target software or hardware with a specific type of malware that locks down the devices/applications. It renders them unusable, meaning a business can’t call upon one of the main things it needs to run. The criminal then demands a ransom and promises to release their hold on the devices once it is paid.
This is probably one of the worst cyber threats your business can face because there’s no easy way out of it. You’ll either have to pay money or get help from law enforcement agencies to try and track down the criminal. Even if you pay, there’s no guarantee the criminal will stay true to their word. You could spend a lot of money, only to remain locked out of your accounts/devices.
5. Bank account hacking
Finally, 6% of businesses were either hacked or saw attempted hacks on their online bank accounts. We live in a world where online business banking is extremely popular, but this opens the door to some clear online threats. Many cybercriminals are looking for ways to access online bank accounts as a direct way of stealing money.
The good news is that only a small percentage of businesses suffered in the last twelve months, mainly due to online banking systems getting even more robust. You can also prevent this issue by limiting who has access to your bank details; if everyone in the office knows the password and login information, there’s a way higher chance of hackers accessing the same info.
Based on the latest cybersecurity breaches survey, these are the top five biggest concerns for businesses in the UK. Bring this information with you and use it to identify key areas of security investment in your company. Pay especially close attention to phishing attacks and identity theft; they’re the worst problems a business can face.