Back in 2012, I recorded a video about cybercrime and its impact on UK businesses. Fast forward to 2025, and the threat landscape has changed beyond recognition.
While the core message remains, staff training and awareness are crucial; the scale, sophistication, and consequences of cybercrime have grown exponentially. Here’s an updated look at what’s changed, what’s stayed the same, and what every business owner needs to know.
The Cost of Cybercrime: 2024 in Numbers
While the most recent official statistics are from 2024, this article reflects the state of cybercrime and best practices as we enter 2025.
- Half of UK businesses (50%) and a third of charities (32%) reported a cyber breach or attack in the past year. For medium-sized businesses, this rises to 70%, and for large businesses, it is 74%. [www.gov.uk]
- Phishing remains the top threat, affecting 84% of businesses that have been breached. [www.gov.uk]
- Average cost of the most disruptive breach: £1,205 for businesses of any size, but £10,830 for medium and large businesses. [www.gov.uk]
- Ransomware attacks reached record levels in 2024, with data exfiltration (theft) involved in 94% of cases. [www.silicon.co.uk]
- Supply chain attacks have doubled in the last year, with 30% of all cyberattacks now originating via third-party suppliers. [www.ft.com]
“Cybercrime affects over 39% of businesses monthly, illustrating the critical need for effective cyber defence mechanisms.”
- 127 Media, How Can My Business Improve Cyber Security?
The Human Factor: Still the Weakest Link
- Phishing attacks are more sophisticated than ever, with 32% of phishing emails now generated by AI.
- Attackers use social media and public data to impersonate colleagues, suppliers, or even customers, making scams highly convincing.
- Real-world example: In April 2025, Marks & Spencer suffered a major cyberattack after a third-party contractor was compromised, disrupting online shopping and incurring an estimated £300 million in costs.
Supply Chain Attacks: The Modern Delivery Scam
- Jaguar Land Rover (JLR) was hit by a cyberattack in August 2025, halting production for weeks and costing an estimated £50 million per week. The attack’s impact rippled through the supply chain, threatening thousands of jobs and forcing the government to step in with a £1.5 billion loan guarantee.
- 30% of cyberattacks in 2024 originated via third-party suppliers, double the previous year.
- Financial services: 58% of large UK financial firms suffered at least one supply chain attack in 2024.
Ransomware and Emerging Threats
- Ransomware remains a dominant threat. While the number of attacks fluctuates, the tactics are evolving, with double extortion (threatening to leak data) now common.
- Manufacturing, finance, and healthcare are the most targeted sectors in the UK.
- AI in cybercrime: Attackers use AI to automate phishing, develop new malware, and even create deepfakes for social engineering.
Modern Security Strategies: What Works in 2025
- Zero Trust Model
Never trust, always verify. Every user and device must be authenticated, even inside your network. - Multi-Factor Authentication (MFA)
Passwords alone are no longer enough. MFA is essential for all accounts, yet adoption remains inconsistent. - Regular Cybersecurity Risk Assessments
Only 31% of UK businesses conduct regular risk assessments, leaving many vulnerable to potential risks. - Incident Response Planning
Have a formal, tested plan for cyber incidents, including regular data backups and clear communication protocols. - Cyber Insurance
The cost of an attack can be crippling. Cyber insurance can help a business recover more quickly. - Continuous Training
One-off training sessions are not enough. Staff training should be ongoing, interactive, and regularly updated to reflect new scam tactics and evolving threats.
Support and Resources
- North West Cyber Resilience Centre (NWCRC): Offers free and low-cost guidance, training, and templates for businesses in the North West.
- National Cyber Security Centre (NCSC): Provides authoritative advice, including the Cyber Essentials certification scheme.
- 127 Media: As a trusted technology partner, we help UK SMEs deploy secure hosting, cloud, and IT solutions, and provide ongoing support and training.
Key 2024 UK Cybercrime Statistics
Metric
Latest Value/Trend (2024)
Source
% of UK businesses breached
50% (70% medium, 74% large)
Most common attack type
Phishing (84% of breaches)
Average cost per breach (medium biz)
£10,830
Ransomware prevalence
Record levels, 94% involve data exfiltration
Supply chain attack frequency
Doubled in 2024; 30% of attacks via third parties
MFA adoption
Still lagging; strong passwords and MFA essential
Final Thoughts
Cybercrime is now a persistent and evolving threat. While technology and tactics have changed since 2012, the most effective defences remain a combination of robust technical controls and well-trained, vigilant staff. By adopting a Zero Trust mindset, implementing MFA, conducting regular risk assessments, and investing in continuous training, businesses can significantly reduce their risk.
For further guidance, consult the NCSC and NWCRC, and consider Cyber Essentials certification to demonstrate your commitment to security.
If you need help with any aspect of your digital security, contact 127 Media for expert advice and support.
