
Business Leaders Cyber Briefing
A short summary of the latest cyber security news and trends, from the perspective of business leaders and owners. Hosts Trish and Tom provide plain English explanations along with practical advice to keep your business safe and secure from cyber crime and disruption.
For cyber security help and advice, speak to Cool Waters Cyber: www.cool-waters.co.uk
2025 UK Cyber Breaches Survey: What you need to know - What you need to do
Business Leaders Cyber Briefing - Episode 12: Key Takeaways
What You'll Learn from This Episode
Trish and Tom from Cool Waters Cyber break down the 2025 Cyber Security Breaches Survey findings to help UK financial services leaders understand their current risk landscape and improve their cyber defenses.
Critical Insights for Business Leaders
Your Risk Profile is Higher Than You Think
- 74% of large businesses and 67% of medium businesses experienced cyber incidents
- Finance and digitally intensive sectors face elevated risks
- Ransomware attacks have doubled, now affecting 1% of all businesses (19,000 organizations)
Phishing Remains Your Biggest Threat
- 85% of breached businesses were hit by phishing attacks
- Even failed attempts drain significant staff time
- AI-enhanced scams are making phishing more sophisticated and harder to detect
Financial Impact Can Be Severe
- Average breach costs range from £1,600 to £8,260 depending on severity
- Cyber-facilitated fraud averages £5,900 per incident
- Repeat attacks are common—affected businesses face an average of 30 incidents annually
Key Action Items
Strengthen Board Accountability
- Only 27% of businesses have a board member explicitly responsible for cyber security
- Finance sector performs better (57%) but still has room for improvement
- Make cyber security a standing board agenda item
Improve Incident Response Preparedness
- Just 23% of all businesses have formal incident response plans
- Only 39% of affected businesses report incidents externally
- Develop and regularly test your incident response procedures
Implement Proven Frameworks
- Use the UK Cyber Governance Code of Practice's five principles as your foundation
- Consider IASME Cyber Assurance for comprehensive governance alignment
- Start with Cyber Essentials for essential technical controls
Bottom Line
The episode demonstrates that while cyber threats are intensifying, businesses with structured governance and incident response capabilities are better positioned to minimize impact. The key is moving from reactive to proactive cyber security management through proven frameworks and clear board-level accountability.
Next Steps: Assess your current cyber governance against the five principles, ensure you have formal incident response plans, and consider certification standards like Cyber Essentials or IASME Cyber Assurance to systematically strengthen your defences.
Need help with Cyber Security?
Speak to Cool Waters Cyber - NCSC assured Cyber Advisors and Cyber Essentials experts - www.cool-waters.co.uk