The alarming rise of cyber security breaches
Cyber security attacks: They are all over the news:
Just this week, schools in West Lothian have been the victim of a suspected criminal ransomware cyberattack. West Lothian Council confirmed a cyberattack on its education network, made up 13 secondary schools, 69 primary schools and 61 nurseries. The criminal investigation is ongoing.
And only last week, we heard of the severe cyber-attack that has left retail giant, Marks & Spencer’s being held to ransom, forcing it to suspend online orders and halt recruitment. Staff reveal the company had no contingency plans in place to manage such an incident.
Days later, we learned of the Co-Op cyber-attack, claimed by ransomware group, DragonForce. These hackers have infiltrated IT networks and stolen huge amounts of customer and employee data. They are also believed to have gained access to internal Teams chats and calls.
A significant increase in cyber security breaches at businesses & charities
According to the UK Government Official Statistics, the Cyber Security Breaches Survey 2025 published this April reveals that almost half of businesses (43%) and a third of charities (30%) have experienced a cyber security breach or attack in the last 12 months. This accounts for approximately 612,000 businesses and 61,000 registered charities.
Percentage of organisations that have identified breaches or attacks in the last 12 months
The report goes on to estimate that UK businesses have experienced approximately 8.58 million cyber-crimes of all types including approximately 7.87 million phishing cyber-crimes, 680,000 non-phishing cyber-crimes and 595,000 hacking cyber-crimes in the last 12 months. UK charities have experienced approximately 453,000 cyber-crimes of all types in the last 12 months.
The education sector remains a target for cyber crime
All types of education institutions have identified cyber security breaches or attacks in the last 12 months. 60% of secondary schools identified a breach or attack in the past year, along with 85% further education colleges and 91% higher education institutions. Alarmingly, all players in the education sector are all more likely to experience a breach or attack than the average UK business (43%).
Percentage of education institutions that have identified breaches or attacks in the last 12 months
What is cyber crime?
Cyber crime involves gaining unauthorised access, or causing damage, to computers, networks, data or other digital devices, or the information held on those devices. Examples of cyber crime include hacking or unauthorised access into online accounts (eg. banking, email or social media accounts), denial of service attacks, or devices being infected by a virus or other malicious software (including ransomware) as well as phishing attacks where staff unintentionally open an attachment in an email.
The most common form of cyber crime
According to the report, the most common breach is phishing – such as staff receiving fraudulent emails or being directed to fraudulent websites. Hacking was the second most common type of cyber crime, followed by others ransomware.
Percentage of organisations that have identified the following types of cybercrime in the last 12 months
Increased frequency of breaches or attacks
Among those identifying any breach or attack in the previous 12 months, around half of businesses (52%) said they experienced a breach or attack at least once a month, and one in three said it happened at least once a week (29%). For charities, around two in five (39%) said they experienced a breach or attack at least on a monthly basis, and for one in five this was at least once a week (18%).
Alarmingly, not much action has been taken by those organisations who have experienced an attack. The report reveals 62% of businesses and 67% of charities have taken some form of action to prevent further breaches. This also means that around 30% of charities and business did not.
Most have made some people or training related changes (32% businesses, 38% charities). For both groups, fewer decided to make changes to their governance processes (8% of businesses and 6% of charities).
Percentage of organisations that have done any of the following since their most disruptive breach of attack of the last 12 months
How secure is your organisation?
Cyber threats are here to stay – and are becoming more and more prevalent as well as sophisticated – in particular as AI continues to infiltrate our daily lives.
Every organisation in every sector holds vast amounts of valuable data – personal data of children, staff bank accounts and addresses, medical records, and much more. This data is your most valuable asset and needs to be protected.
From password policies and agreed processes around phishing to a VPN for staff connecting remotely and rules for storing and moving personal data securely, how resilient is your organisation to cyber incidents?
Boost your cyber resilience
Cyber security needs to become a top priority for everyone – large enterprises, public sector organisations, SMEs, schools, and charities – no-one is exempt, and we all have the potential to be hacked.
From developing a formal cyber security strategy and deploying malware protection, to staff training about phishing and becoming independently certified by the government-endorsed Cyber Essentials scheme, there are several steps you can introduce to better protect your organisation from the threat of cyber crime.
Find out how we help organisations become prepared and protected against cybercrime right here.