More than 40% of UK businesses experienced at least one cyber breach or attack during 2025/26, according to the British government’s latest Cyber Security Breaches Survey, underscoring the persistent scale of digital threats facing companies despite heightened awareness and security investments.

The report found that 43% of businesses — around 612,000 companies — reported cyber incidents over the past year, matching the previous year’s rate. Phishing remained the most common threat vector, affecting 38% of businesses, as attackers continue to exploit employee vulnerabilities through deceptive emails, fake credentials requests, and social engineering.

While the percentage has improved from 50% in 2023/24, the overall number remains substantial, signaling that cyber risk is becoming a permanent operational challenge for businesses rather than a temporary spike. UK officials are particularly concerned about the role artificial intelligence may play in intensifying future threats, as AI tools can enhance phishing sophistication, automate attack strategies, and increase the speed of malicious campaigns.

British cybersecurity leaders have warned that hostile states and organized cybercriminal groups may increasingly combine AI with geopolitical targeting, raising the stakes for both private companies and national infrastructure. Government ministers are urging business leaders to strengthen defenses immediately, emphasizing employee training, phishing prevention, incident response planning, and AI-era security adaptation.

The findings reinforce a broader global trend: as digital transformation accelerates, cybersecurity is no longer just an IT issue but a core business survival priority. Companies that fail to modernize defenses may face growing exposure to financial losses, operational disruption, and reputational damage.