Cyber crime in a major problem for UK businesses of every size, whilst most of the major cyber security incidents we hear about are large businesses, this doesn't mean that they are the only businesses to be targeted.

In reality, over 560,000 new cyber threats are discovered daily and 81% of all UK businesses that suffer from a Cyber Security Attack are small and medium-sized businesses (SMBs/SMEs). But, in reality, 97% of businesses who suffer a cyber attack could have been protected if they had a modern and comprehensive cyber security solution in place. 

As your local cyber security experts we feel it is our role to help businesses understand the threats that they may be facing (see our news and educational articles). This is why we provide you with the most current and up-to-date data on UK cyber crime statistics for 2025. 

> Take our Business Cyber Security Health Check <

If you would like to speak to us about these statistics, or cyber security solutions for your (or your clients) business, visit the link above, or email info@twenty-four.it.

What is the cost of Cyber Crime in the UK?

In 2022, Cyber Crime cost UK Businesses an average of £4,200, the total cost of cyber crime to the UK economy is estimated to be £27 billion per year, with businesses accounting for a significant proportion of this cost. Based on recent reports, it is expected that the average cost to remedy an attack is £21,000. Despite this, only 22% of UK businesses have a formal cybersecurity incident management plan in place, and in 2024 only 31% of businesses and 26% of charities undertook a cyber security risk assessment/health check, suggesting that many businesses are not adequately prepared for the threat of cyber crime.

One of the most common forms of cyber crime in the UK is fraud, with a total of £1.3 billion lost to fraud in the UK in 2020. In Yorkshire and Humber alone in 2023, there were more than 2,030 reported instances of cyber crime and/or fraud, which totalled more than £19.3 million in financial losses. This included a significant amount lost to online shopping fraud, with victims losing a total of £63.8 million in 2020. In addition to fraud, there were 2.3 million cases of computer misuse reported in the UK, over one million incidents of unauthorised access to personal information, and over 400,000 reported cases of fraud and computer misuse.

Cyber attacks are a significant threat to businesses in the UK, with 50% of UK businesses reporting a cyber attack in 2024. The average cost of a cyber-attack to a medium UK business was £10,830.

In 2024, 84% of businesses that experienced cyber security breaches or attacks faced phishing attempts. Ransomware attacks in the UK increased by 70% in 2020, highlighting the growing threat of these types of attacks.

In 2024, the UK Government Cyber Security Breaches Survey revealed that 50% of UK businesses had suffered a cyber-attack or security breach in the previous 12 months. This is an increase from the previous year’s survey (39% in 2022). The UK’s Fraud and Cyber Crime Reporting Centre, Action Fraud, reported that in 2020, victims of online shopping fraud lost a total of £63.8 million ($88.3 million USD). This represents a 37% increase from the previous year, with the average loss per victim being £720 ($995 USD).

Here, we provide you with the most current and up-to-date data on cyber crime stats for the year 2025.

Our statistics are based on the most recent UK Gov Cyber Security Breaches Survey 2024 and the UK Gov Cyber Security Breaches Survey 2025, information available as of April 10th 2025.

We believe that staying informed about cyber crime is crucial. Our goal is to provide you with accurate and reliable data that you can use to protect yourself and your business.

Cyber crime refers to any criminal activity carried out using computers and the internet. With the rise of technology and the increasing reliance on digital communication, cybercrime has become a significant concern for individuals, businesses, and governments worldwide.

It can take many forms, including hacking, identity theft, phishing scams, and cyberbullying. Hacking involves gaining unauthorised access to computer systems, networks, or data and can be done for various malicious purposes. Phishing scams are designed to trick individuals into providing personal information through fraudulent emails or websites.

To stay protected, individuals and businesses should take preventive measures such as using strong passwords, keeping software up to date, and being cautious of suspicious emails or websites. Cyber crime is a growing threat that requires awareness and proactive action to mitigate its impact.

In late February 2020, the NCSC was evaluating a number of new takedown initiatives for the new financial year. The final decision on which initiatives would be implemented was made in March, just as the UK was entering the first lockdown. They noted the link between commodity cyber crime and subsequent fraud that may follow a breach of credentials or personal information through phishing or similar attacks.

To do more to prevent this, they decided to see whether the takedown service could lower the value proposition for other types of high-volume internet-enabled fraud.

Let’s take a look at the targeted attacks by type between March and December 2020.

The term “median availability” typically refers to the amount of time that a particular service or system is available to users over a given period. The median availability is the middle value in a range of availability measurements taken over that period.

From March 2020 to the end of the year, the NCSC dismantled 29,959 COVID-19-themed attack groups, which included 33,313 URLs. These attacks were classified by type and occurred between March and December 2020.

A fake shop is a type of online scam where fraudsters create a fake e-commerce website that appears to sell legitimate products. They often use high-quality images, descriptions, and prices to make the fake shop look real and attract unsuspecting shoppers. However, the products are either non-existent, counterfeit, or vastly different from what is advertised. The goal of the scam is to trick people into paying for products that they will never receive, allowing the scammers to profit from fraudulent transactions.

Fake online shop sites typically offer outlandish discounts on popular items to attract victims. They do not map to a real business and if a victim were to try to purchase an item, they would probably be charged for counterfeit goods or receive nothing at all. Between April 2020 and the end of the calendar year, the NCSC identified and took down 139,522 fake shops (222,353 URLs).

In 2020, the NCSC took down 11,286 UK phishing campaigns, a total of 59,435 URLs. These attacks were hosted all over the world and the median availability of these attacks was 21 hours, with 52% taken down within 24 hours of discovery.

According to a report by the UK government, cybercrime cost the country an estimated £14.8 billion in 2016-2017 alone. This cost includes the direct financial losses suffered by victims, as well as the indirect costs associated with the disruption of business operations, damage to reputation, and the expenses incurred in responding to cyber attacks.

In addition to the immediate financial costs, cyber crime can also have long-term impacts on the economy, such as reduced investor confidence, decreased competitiveness, and a loss of intellectual property. The costs of cyber crime are not limited to the UK, as it is a global issue that affects businesses and individuals worldwide.

Yes, cyber crime is increasing. The UK’s National Cyber Security Centre (NCSC) reported a record number of cyber incidents in 2020, with almost 700 incidents reported per month on average. According to a UK government report, cybercrime cost the country an estimated £14.8 billion in 2016-2017. This cost includes victims’ direct financial losses as well as the indirect costs associated with business disruption, reputational damage, and expenses incurred in responding to cyber-attacks.

In addition to the immediate financial costs, cyber crime can have long-term economic consequences such as decreased investor confidence, decreased competitiveness, and intellectual property loss. Cyber crime is a global issue that affects businesses and individuals worldwide, so its costs are not limited to the United Kingdom.

One UK-owned business that suffered a significant cyber-attack was British Airways in 2018. The attack resulted in the theft of the personal and financial data of approximately 380,000 customers. The company detected the attack in September 2018, and after an investigation, it was revealed that the attackers gained access to the company’s payment page and inserted a malicious script, which diverted customers to a fraudulent website where their data was harvested.

The breach had severe consequences for British Airways, including a fine of £20 million from the UK’s Information Commissioner’s Office (ICO) for failing to protect the personal and financial data of its customers adequately. The fine was the largest ever handed out by the ICO, and it sent a clear message to businesses that the regulator would not tolerate negligence when it comes to cyber security.