UK Cyber Security Breaches Survey 2025/2026: What Midlands Businesses Need to Know
05 May 2026
The latest UK Government Cyber Security Breaches Survey, published by the Department for Science, Innovation and Technology, reinforces a message Midlands Cyber has been highlighting for years: cyber threats remain a persistent business risk, and many organisations still lack the resilience needed to respond effectively.
The survey shows that 43% of UK businesses experienced a cyber breach or attack in the last 12 months, equivalent to approximately 612,000 businesses nationwide. Charities also remain affected, with 28% reporting incidents.
Key Findings
1. Phishing Remains the #1 Threat
Phishing continues to be the most common attack vector, often delivered through fraudulent emails, fake login pages, or impersonation attempts. This reinforces the importance of staff awareness training, secure authentication practices, and a strong reporting culture.
2. Larger Organisations See More Attacks—but SMEs Remain Targets
The survey confirms that cybercriminals remain opportunistic, with organisations of all sizes being targeted:
- Medium businesses: 65%
- Large businesses: 69%
- Micro businesses: 42%
- Small businesses: 46%
Size alone does not reduce cyber risk. SMEs remain a frequent target due to gaps in controls, training, and incident readiness.
3. Cyber Essentials Adoption is Improving—but Still Low
Only 5% of businesses currently hold Cyber Essentials certification. While adoption is improving, most businesses have yet to implement all five core technical controls that form the foundation of cyber resilience.
4. Incident Response Planning is Still Lacking
Just 25% of businesses have a formal incident response plan in place. While many organisations report incidents internally, fewer have documented playbooks, escalation routes, or external reporting processes.
5. Cyber Governance is Moving into the Boardroom
The survey highlights growing leadership awareness of cyber risk. However, many organisations still treat cyber security as an IT issue rather than a strategic business priority. Supply chain security, AI adoption, software procurement, and data governance are now board-level concerns.
Midlands Cyber Perspective
For organisations across the West Midlands and wider Midlands region, these findings demonstrate that cyber resilience is no longer optional—it is a core business capability.
At Midlands Cyber, we see three immediate priorities for regional businesses:
- Strengthen cyber awareness across your workforce
- Adopt recognised frameworks such as Cyber Essentials
- Develop incident response and supply chain resilience plans
As AI adoption, digital transformation, and connected supply chains continue to accelerate, organisations that invest early in cyber maturity will be better positioned to grow securely and competitively.
Work With Midlands Cyber
Cyber resilience is not just about technology - it’s about people, processes, partnerships, and building long-term capability. Whether you're an SME starting your cyber journey, a larger organisation looking to strengthen supply chain resilience, or a technology business seeking to connect into the regional cyber ecosystem, Midlands Cyber can help.
We work with businesses, public sector organisations, academic partners, and technology providers across the Midlands to connect expertise, share best practice, and support secure growth.
Looking for support?
If your organisation wants to improve cyber resilience, explore Cyber Essentials, access specialist expertise, or collaborate with the region’s cyber community, we’d love to hear from you.
OUR PARTNERS
Close