What Is Spear Phishing and How Does It Differ from Regular Phishing?
A clear, direct answer to this question — written for UK business owners and IT decision-makers.
Direct Answer
Spear phishing is a targeted phishing attack directed at a specific individual, using personalised details — name, job title, recent activities — to make the message appear legitimate. Unlike mass phishing, spear phishing is crafted for a single target. It accounts for a disproportionate share of successful breaches because it bypasses both technical filters and user scepticism. AI has dramatically lowered the cost and time to produce convincing spear phishing emails at scale.
Key Points
What you need to know.
The Short Answer
Phishing is the number one attack type — 85% of businesses that experienced a breach identified phishing as the cause (DSIT 2025).
For UK Businesses
Phishing was the most disruptive breach for 65% of businesses.
Cost Considerations
93% of cyber crimes against businesses were phishing-based.
Next Steps
35% of businesses that experienced breaches reported impersonation of the organisation or staff.
Frequently Asked Questions
43% of UK businesses experienced a cybersecurity breach or attack in the past 12 months, according to the DSIT Cyber Security Breaches Survey 2025. For medium-sized businesses, this figure rises to 67%. Phishing remains the most common attack type, affecting 85% of businesses that reported a breach.
The top threats are phishing (85% of breaches), ransomware (doubled year-on-year), business email compromise (increased 33% in 2025), and supply chain attacks (35.5% of all breaches now originate from third parties). AI-powered attacks are accelerating all of these threat categories.
Phishing is the most common attack type, identified by 85% of businesses that experienced a breach (DSIT 2025). Phishing accounts for 93% of cyber crimes against businesses. AI-powered phishing has driven a 204% increase in phishing emails delivering malware in 2025.
Yes. 50% of small businesses (10-49 employees) reported a cybersecurity breach in 2025. UK small businesses face around 65,000 hack attempts daily, with approximately 4,500 successful breaches. More than a quarter of SMBs say a single cyber attack could put them out of business entirely.
MFA requires two or more verification methods to access an account. Microsoft reports that over 99.9% of compromised accounts did not have MFA enabled. Only 40% of UK businesses have two-factor authentication enabled (DSIT 2025). MFA can prevent more than 99.9% of account compromise attempts.