Cyber crime threats, UK
Cyber crime is a major problem for UK businesses of every size, whilst most of the major cyber security incidents we hear about are large businesses, this doesn't mean that they are the only businesses to be targeted.
In reality, over 560,000 new cyber threats are discovered daily and 81% of all UK businesses that suffer from a Cyber Security Attack are small and medium-sized businesses (SMBs/SMEs). But, in reality, 97% of businesses who suffer a cyber attack could have been protected if they had a modern and comprehensive cyber security solution in place.
As your local cyber security experts we feel it is our role to help businesses understand the threats that they may be facing (see our news and educational articles). This is why we provide you with the most current and up-to-date data on UK cyber crime statistics for 2025. Take our Business Cyber Security Health Check
If you would like to speak to us about these statistics, or cyber security solutions for your (or your clients) business, visit the link above, or email info@twenty-four.it.
What is the cost of Cyber Crime in the UK?
In 2022, Cyber Crime cost UK Businesses an average of £4,200, the total cost of cyber crime to the UK economy is estimated to be £27 billion per year, with businesses accounting for a significant proportion of this cost. Based on recent reports, it is expected that the average cost to remedy an attack is £21,000. Despite this, only 22% of UK businesses have a formal cybersecurity incident management plan in place, and in 2024 only 31% of businesses and 26% of charities undertook a cyber security risk assessment/health check, suggesting that many businesses are not adequately prepared for the threat of cyber crime.
One of the most common forms of cyber crime in the UK is fraud, with a total of £1.3 billion lost to fraud in the UK in 2020. In Yorkshire and Humber alone in 2023, there were more than 2,030 reported instances of cyber crime and/or fraud, which totalled more than £19.3 million in financial losses. This included a significant amount lost to online shopping fraud, with victims losing a total of £63.8 million in 2020. This represents a 37% increase from the previous year, with the average loss per victim being £720 ($995 USD).
In addition to fraud, there were 2.3 million cases of computer misuse reported in the UK, over one million incidents of unauthorised access to personal information, and over 400,000 reported cases of fraud and computer misuse.
Cyber attacks are a significant threat to businesses in the UK, with 50% of UK businesses reporting a cyber attack in 2024. The average cost of a cyber-attack to a medium UK business was £10,830.
In 2024, 84% of businesses that experienced cyber security breaches or attacks faced phishing attempts. Ransomware attacks in the UK increased by 70% in 2020, highlighting the growing threat of these types of attacks.
In 2024, the UK Government Cyber Security Breaches Survey revealed that 50% of UK businesses had suffered a cyber-attack or security breach in the previous 12 months. This is an increase from the previous year’s survey (39% in 2022).
8.58M
Cyber attacks on UK businesses throughout 2024
30%
Of charities reported at least one cyber breach or attack within the past 12 months.
15%
Of businesses undertook a cyber vulnerability assessment in 2024
85%
Of affected businesses and charities experienced phishing attacks.
32%
Of businesses had guidelines on external reporting of cyber breaches.
72%
Of all businesses surveyed ranked cyber security as a high priority.
40%
Of businesses reported having two-factor authentication enabled in 2024.
3%
Of all businesses and 1% of all charities have been a victim of fraud that resulted from a cyber breach or attack.
40%
Of businesses and 35% of charities use a virtual private network for connecting staff remotely.
67%
Of medium businesses saw a high prevalence of cyber breaches and attacks.
92%
Of large businesses ranked cyber security as a high priority, compared to 72% of all businesses.
43%
Of businesses reported having experienced some kind of cyber security breach or attack in the last 12 months.
30%
Of charities reported having experienced some kind of cyber security breach or attack in the last 12 months.
85%
Of businesses say phishing attacks remain the most prevalent and disruptive attack vector.
70%
Of large businesses have a cyber security strategy in place.
57%
Of large businesses have a cyber security strategy in place.
86%
Of affected charities were affected by a phishing attack or breach in 2024.
£5,900
Is the average calculated loss per business following a cyber breach in 2024.
50%
Of internet users reuse passwords
Cyber Crime Stats UK 2025
Here, we provide you with the most current and up-to-date data on cyber crime stats for the year 2025.
Our statistics are based on the most recent UK Gov Cyber Security Breaches Survey 2024 and the UK Gov Cyber Security Breaches Survey 2025, information available as of April 10th 2025.
We believe that staying informed about cyber crime is crucial. Our goal is to provide you with accurate and reliable data that you can use to protect yourself and your business.
As digital reliance increases, these figures highlight the urgent need for proactive cybersecurity measures, employee awareness, and robust data protection strategies to reduce risk and stay ahead of evolving threats.
Cyber crime refers to any criminal activity carried out using computers and the internet. With the rise of technology and the increasing reliance on digital communication, cybercrime has become a significant concern for individuals, businesses, and governments worldwide.
It can take many forms, including hacking, identity theft, phishing scams, and cyberbullying. Hacking involves gaining unauthorised access to computer systems, networks, or data and can be done for various malicious purposes. Phishing scams are designed to trick individuals into providing personal information through fraudulent emails or websites.
To stay protected, individuals and businesses should take preventive measures such as using strong passwords, keeping software up to date, and being cautious of suspicious emails or websites. Cyber crime is a growing threat that requires awareness and proactive action to mitigate its impact.
In late February 2020, the NCSC was evaluating a number of new takedown initiatives for the new financial year. The final decision on which initiatives would be implemented was made in March, just as the UK was entering the first lockdown. They noted the link between commodity cyber crime and subsequent fraud that may follow a breach of credentials or personal information through phishing or similar attacks.
To do more to prevent this, they decided to see whether the takedown service could lower the value proposition for other types of high-volume internet-enabled fraud.
Let’s take a look at the targeted attacks by type between March and December 2020.
The term “median availability” typically refers to the amount of time that a particular service or system is available to users over a given period. The median availability is the middle value in a range of availability measurements taken over that period.
From March 2020 to the end of the year, the NCSC dismantled 29,959 COVID-19-themed attack groups, which included 33,313 URLs. These attacks were classified by type and occurred between March and December 2020.
| Attack Type | Number of Attacks (Urls) | Number of Attack Groups (Campaigns) | Median Availability (Hours) |
|---|---|---|---|
| COVID-19 themed cybercrime | 33,313 | 39,959 | 25 |
| Fake shops | 213,147 | 123,755 | 354 |
| Fake celebrity endorsement scams | 729,868 | 123,755 | 354 |
| Remote Access Trojans (RATs) | 2,954 | 1,733 | 39 |
| Banking trojans | 39,255 | 6,303 | 31 |
18,547
Advanced fee fraud attacks
4,930
Malware attachment mail server attacks
2,220
Advanced fee fraud mail server attacks
1,742
Phishing URL mail server attacks
2,943
Fake shop attacks
1,844
Malware infrastructure URL attacks
339
Phishing URL attacks
350
Malware distribution URL attacks
133
DKIM signed email domain attacks
127
Malware command and control centre attacks
Attack Volume
Attack volumes reveal just how diverse and persistent modern cyber threats have become. These figures demonstrate that organisations are not facing a single threat, but a constant stream of varied attack types that require layered, adaptive security controls.
What is a fake shop?
A fake shop is a type of online scam where fraudsters create a fake e-commerce website that appears to sell legitimate products. They often use high-quality images, descriptions, and prices to make the fake shop look real and attract unsuspecting shoppers. However, the products are either non-existent, counterfeit, or vastly different from what is advertised. The goal of the scam is to trick people into paying for products that they will never receive, allowing the scammers to profit from fraudulent transactions.
Fake online shop sites typically offer outlandish discounts on popular items to attract victims. They do not map to a real business and if a victim were to try to purchase an item, they would probably be charged for counterfeit goods or receive nothing at all. Between April 2020 and the end of the calendar year, the NCSC identified and took down 139,522 fake shops (222,353 URLs).
UK government-themed phishing
In 2020, the NCSC took down 11,286 UK phishing campaigns, a total of 59,435 URLs. These attacks were hosted all over the world and the median availability of these attacks was 21 hours, with 52% taken down within 24 hours of discovery.
£63.8 million
Lost by victims to online shopping fraud.
7.78 million
Cyber attacks on UK businesses in 2024.
Over 1 million
Unauthorised access incidents to personal information were reported.
More than 560,000
Global Cyber Threats are discovered daily.
More than 400,000
Cases of fraud and computer misuse were recorded.
50%
Of UK businesses experienced a cyber attack.
Only 31%
Of UK businesses undertook a cyber risk assessment in 2024.
£3,230
Average cost of a cyber attack to a UK business.
84%
Of cyber-attacks in the UK were phishing scams.
70%.
Increase in ransomware attacks in the UK.
2nd
The UK was the second-most targeted country in the world for cyber attacks, after the US.
£21 billion
Per year was the estimated cost of cyber crime to UK businesses
£10,830
The average cost of a cyber-attack to a UK business.
over 208 million
Scam emails received by UK residents. Over 69,000 cases of identity theft were reported in the UK.
50%
Of UK businesses have been a victim of cyber crime.
25%
Of UK consumers believe they will fall victim to cyber crime in the future.
£27 billion
Estimated UK cyber crime costs per year for the economy.
Only 15%
Of UK businesses have a formal cybersecurity incident management plan.
Only 3%
Of UK businesses and Charities adhere to the Cyber Essentials scheme.
31%
Increase in cyber-attacks targeting UK businesses after COVID.
38 days
The average time UK businesses take to identify a cyber-attack, and 43 days to recover fully.
UK Cyber Crime Statistics
All statistics shown are sourced from trusted, authoritative bodies and industry reports, including Action Fraud, the Office for National Statistics, the National Cyber Security Centre, the Hiscox Cyber Readiness Report 2021, and insights from IBM Security X-Force Threat Intelligence Index 2021. Together, these sources provide a reliable and up-to-date picture of the current cyber security landscape.
Is Cyber Crime Increasing?
Yes, cyber crime is increasing. The UK’s National Cyber Security Centre (NCSC) reported a record number of cyber incidents in 2020, with almost 700 incidents reported per month on average. According to a UK government report, cybercrime cost the country an estimated £14.8 billion in 2016-2017. This cost includes victims’ direct financial losses as well as the indirect costs associated with business disruption, reputational damage, and expenses incurred in responding to cyber-attacks.
In addition to the immediate financial costs, cyber crime can have long-term economic consequences such as decreased investor confidence, decreased competitiveness, and intellectual property loss. Cyber crime is a global issue that affects businesses and individuals worldwide, so its costs are not limited to the United Kingdom.
One UK-owned business that suffered a significant cyber-attack was British Airways in 2018. The attack resulted in the theft of the personal and financial data of approximately 380,000 customers. The company detected the attack in September 2018, and after an investigation, it was revealed that the attackers gained access to the company’s payment page and inserted a malicious script, which diverted customers to a fraudulent website where their data was harvested.
The breach had severe consequences for British Airways, including a fine of £20 million from the UK’s Information Commissioner’s Office (ICO) for failing to protect the personal and financial data of its customers adequately. The fine was the largest ever handed out by the ICO, and it sent a clear message to businesses that the regulator would not tolerate negligence when it comes to cyber security.
How do you prevent Cyber Crime?
Preventing cybercrime involves taking proactive measures to protect yourself, your business, and your personal information from cyber threats. Here are some key steps individuals can take to prevent cybercrime:
- Keep your software up to date.
- Use strong passwords.
- Be cautious of suspicious emails or websites.
- Use antivirus software.
- Practice safe browsing
- Educate yourself and your employees.
- Backup your data.
If you are a business owner who is concerned about cyber security, we offer decades of experience in IT to assist you. Schedule a meeting with our experts.
Whether you are an individual looking to protect your personal information or a business owner concerned about the security of your company’s data, our latest Cyber Crime Statistics page has something for everyone. Don’t hesitate to reach out to us for guidance and support in protecting your business from cyber threats.
We gather the latest cyber crime statistics from various sources, including the National Cyber Security Centre (NCSC), The Office of National Statistics (ONS), the FBI’s Internet Crime Complaint Centre (ICCC), Kaspersky and the National Crime Agency (NCA). These organisations provide valuable insights and analysis on the latest cyber crime trends, helping you stay informed and better equipped to protect your business against potential threats.
Featured Case Studies
-
Citizens Advice Doncaster Borough
Citizens Advice Doncaster Borough
Citizens Advice Doncaster Borough is a multi-site charity delivering vital frontline advice and support services to residents across the local region.
Read More -
The Griffin Institute
The Griffin Institute
The Griffin Institute is a leading not-for-profit biomedical research and surgical training organisation. Based at Northwick Park in Harrow and with over 30 years of experience.
Read More -
iRecruit
iRecruit
iRecruit are based in Doncaster and specialise in providing quality recruitment services to the UK markets.
Read More -
Arevon Energy
Arevon Energy
Arevon Energy, based in Warrington, harvest gas emissions from over 40 landfill sites in both the United Kingdom and United States and is a market leader in providing clean energy throughout these markets.
Read More -
RNB Commercials
RNB Commercials
Established in 1996, RNB Commercials Ltd boasts one of the largest VOSA test centres in the North West.
Read More
-
"Alex was a treat and understood the frustration. "
"Very helpful and speedy to assist me, problem was solved in a matter on minuets ! :)"
"Fabulous and quick "
"very helpful and excellant service "
