New figures published show that 43% of businesses suffered a cyber breach or attack in the past 12 months, underlining the persistent cyber threat facing the UK economy.

The government’s 2025/26 Cyber Security Breaches Survey shows the cyber threat to the UK remains widespread and significant, with 69% of large firms suffering cyber breaches or attacks and 29% of firms experiencing breaches or attacks at least once per week.

The findings follow a year of high-profile cyber incidents affecting major businesses, including M&S, Co-op and Jaguar Land Rover, and comes as AI is increasing the speed and scale at which cyber criminals can operate.

In an open letter to businesses earlier this month, Ministers warned a new generation of AI models is lowering the barrier for cyber criminals, helping them find weaknesses in software, write the code to exploit them, and carry out attacks at a speed and scale that would have been impossible even a year ago.

Cyber Security Minister Baroness Lloyd has already written to the CEOs and Chairs of over 180 of the UK’s leading businesses to encourage as many as possible to sign up to a new Cyber Resilience Pledge ahead of a formal launch later this year.

Businesses will be able to become signatories if they take three concrete actions to increase their security. This includes making cyber security a board-level responsibility, signing up to the National Cyber Security Centre’s free Early Warning service, and obtaining the government-backed Cyber Essentials certification across their supply chains.

For smaller firms, the government’s Cyber Essentials campaign is urging SMEs to “lock the door” on cyber criminals and protect themselves from common online threats.

Cyber Security Minister Liz Lloyd said: “These figures are a stark reminder of the importance of having robust cyber security measures. All business leaders should be gripping this issue and taking action now, especially as AI is making the threat more acute. Quite simply, firms cannot afford not to take these steps.

“Businesses are not powerless. Practical steps such as using the NCSC’s free guidance, signing up to their Early Warning service and adopting Cyber Essentials can significantly strengthen defences and help keep businesses, customers and the wider economy safe.”

The pledge was announced at CYBERUK in Glasgow last week, as the government set out £90 million of new funding to improve cyber resilience across the economy. The event brought together Ministers, industry leaders, security chiefs and cyber specialists to discuss how to protect and grow the UK economy in the face of worsening cyber threats.

The survey shows cyber threats remain a persistent risk, with approximately 612,000 businesses reporting at least one cyber breach or attack in the past 12 months.

The survey also shows that too many organisations remain underprepared. Board-level responsibility for cyber security among businesses has risen to 31%, up from 27%, reversing a downward trend since 2020/21, but only 25% of businesses have a formal incident response plan. With 43% of businesses experiencing a breach or attack in the past year, ministers are urging firms to prepare for incidents before they happen.

As in previous years, phishing attacks continue to be the most common breach or attack suffered by 38% of firms, highlighting the ongoing importance of staff awareness and good cyber hygiene.

The statistics come as the government marks the second anniversary of the Product Security and Telecommunications Act which has boosted the cyber security of a wide range of internet-connected ‘smart’ devices used by the public, such as smart TVs, cameras and children’s toys.

The Act means the millions of internet-connected devices sold each year and used by over 99% of UK adults are now better protected, with recent figures from the Office for Product Safety and Standards showing that 100% of devices they tested are now compliant with the new requirements for strong passwords.

The government is also strengthening cyber resilience across the economy through the Cyber Security and Resilience Bill, which will boost UK cyber defences and strengthen the resilience of essential and digital services and key suppliers. It will help protect the services people rely on every day, from energy and water to healthcare and data centres, while stronger defences throughout supply chains will reduce the risk of disruption from cyber attacks and help keep vital services running.