What Is Social Engineering in Cybersecurity?
A clear, direct answer to this question — written for UK business owners and IT decision-makers.
Direct Answer
Social engineering is the use of psychological manipulation to trick people into revealing information or taking actions that compromise security — rather than exploiting technical vulnerabilities. Phishing is the most common form, but attacks also include vishing (voice calls), smishing (SMS), and pretexting (fabricated scenarios). AI is making social engineering more convincing and harder to detect. The primary defences are staff awareness training and strict verification procedures for sensitive requests.
Key Points
What you need to know.
The Short Answer
21% of businesses that experienced a breach reported a negative outcome such as loss of money or data.
For UK Businesses
7% of businesses that experienced a breach reported temporary loss of access to files or networks — up from 4% in 2024.
Cost Considerations
The NCSC handled 429 total incidents in 2025, with 204 classified as nationally significant — the highest-ever number.
Next Steps
What you should do with this information.
Frequently Asked Questions
Phishing is the most common attack type, identified by 85% of businesses that experienced a breach (DSIT 2025). Phishing accounts for 93% of cyber crimes against businesses. AI-powered phishing has driven a 204% increase in phishing emails delivering malware in 2025.
Ransomware is malicious software that encrypts your data and demands payment for its return. Approximately 19,000 UK businesses were hit by ransomware in 2025. The median UK ransom demand has doubled to $5.37 million, and average recovery costs reach $2.58 million excluding the ransom itself.
The top threats are phishing (85% of breaches), ransomware (doubled year-on-year), business email compromise (increased 33% in 2025), and supply chain attacks (35.5% of all breaches now originate from third parties). AI-powered attacks are accelerating all of these threat categories.
Only 14% of UK businesses formally review cyber risks from their immediate suppliers. 35.5% of all global data breaches in 2024 originated from third-party compromises. Supply chain attacks add an average of £241,620 to the total cost of a breach and take 267 days to detect and contain.
UK businesses typically allocate 13.2% of their total IT budget to cybersecurity. More than half of UK small businesses increased their cybersecurity spending in 2024. 85% of UK firms plan to boost their cyber budget for 2026. The cost of prevention is significantly less than the average breach cost of £3,550.
Related Questions
What Is Phishing?
Phishing is the most common social engineering attack — how it works and how to defend against it.
Email Security and Phishing Protection
Advanced email filtering that blocks social engineering attempts before they reach your staff.
Cybersecurity Guide for UK SMEs
How staff awareness training and technical controls work together to defend against social engineering.