eCommerceNews UK - Technology news for digital commerce decision-makers

UK firms urged to bolster cyber security after breaches

Wed, 15th Apr 2026

The Business Hub has warned UK companies to strengthen basic cyber security after new government figures showed 43% suffered a breach or attack in the past year, equivalent to an estimated 612,000 businesses.

The figures also show phishing was linked to 54% of cyber-facilitated fraud cases, while ransomware attacks doubled year on year to affect an estimated 19,000 businesses. At the same time, only 40% of UK businesses used two-factor authentication, according to data cited by The Business Hub.

Losses remain significant. The data put the average cost per business at £990 for cyber crime excluding phishing, £5,900 for cyber-facilitated fraud, and £10,000 when zero-loss cases are excluded.

Sector Exposure

Some industries reported much higher attack levels than the national average. Information and communications businesses were the most affected, with 69% reporting some form of cyber incident in the previous 12 months.

Professional, scientific and technical businesses followed at 55%. Administration and real estate, finance and insurance, and utilities and production each stood at 48%.

Businesses in information and communications are especially exposed because they often sit across multiple client systems and networks, making them attractive targets for attackers seeking wider access, said Andy Pickett, chief technology officer at The Business Hub.

"Information and communications businesses are prime targets because they sit at the centre of multiple client networks. Hackers don't just want their data, they want access to everyone connected to them. This is why it is so important to train staff to spot security breaches such as phishing emails," Pickett said.

Phishing Risk

Phishing remained the most common route into organisations in the survey data. Nearly three in 10 businesses that experienced phishing attacks said they dealt with them weekly or more often.

Pickett said warning signs often include urgent requests involving payments or login details, messages that appear to come from senior colleagues or suppliers, and small changes in email domains.

"Phishing remains the single biggest gateway into UK businesses. If your team isn't trained to question urgency and verify payment requests, you're exposed," he said.

He added that businesses should be alert to emails impersonating directors, suppliers or managers, especially if the tone feels unusual or the sender would not normally make contact in that way.

"You should also always check if the email domain is correct. Check previous email chains to ensure they match. Slight variations such as .co instead of .com are a common sign. To avoid phishing becoming a problem in your business, training staff is key," Pickett said.

Impersonation And Scale

Impersonation was identified as the second most disruptive type of attack, accounting for 18% of cases. More than a third of businesses that experienced breaches reported impersonation attacks, rising to 51% among small businesses.

Common signs include customers or suppliers querying messages a company did not send, fake social media accounts, and altered invoice details.

"You may notice customers or suppliers querying emails you didn't send, an increase in fake social media profiles, or slight changes in invoice details," Pickett said.

He said vigilance was the most important response, adding that checking invoice details more carefully and monitoring social media profiles could help stop an attack from escalating.

The figures also suggest risk rises with company size. More than half of large businesses, or 52%, reported a cyber attack in the last year, compared with 25% of small businesses and 18% of micro businesses.

Larger organisations were more likely to report malware, ransomware, denial-of-service attacks and unauthorised access. Yet board-level oversight appears to have weakened, with the share of businesses that had a board member responsible for cyber security falling from 38% in 2021 to 27% in 2025.

"Cyber risk is rising, but board-level accountability is falling. That's a dangerous combination, and a costly one," Pickett said, adding that business owners and executives should treat the figures as a wake-up call.

Basic Controls

Use of external advice also varied by business size. Medium-sized businesses were the most likely to seek cyber security guidance, at 69%, followed by small businesses at 56%, large businesses at 51%, micro businesses at 38%, and charities overall at 37%.

Pickett said many businesses had antivirus software, firewalls and backups, but stronger controls were still not widespread. Alongside the 40% using two-factor authentication, 31% used a VPN for remote staff and 30% monitored user activity.

"Many businesses have basic protections, but adoption of stronger controls remains low. If you lack 2FA, secure remote access or monitoring tools, you are significantly more exposed to account takeover and fraud," he said.

He added that businesses unsure how to prepare for a cyber security breach should consider hiring dedicated staff or seeking help from external specialists.

"Cyber attacks are no longer rare events. They are recurring business risks. The question isn't whether you will be targeted, it's whether you're prepared when it happens," Pickett said.