Cyberattacks have become a massive financial burden on UK businesses, with the government’s latest independent research revealing that the annual cost now reaches a staggering £14.7 billion on the UK economy.
For emphasis, the figure represents roughly half of a percent (0.5%) of the UK economy’s gross domestic product (GDP), meaning that cyber threats are the new order of the day in the country, as they are one of the pressing challenges that British companies encounter today.
This research was backed by the country’s Department for Science, Innovation, and technology (DSIT), as they combined in-depth economic modeling, surveys, and other forms of research to gather information across thousands of UK organizations.
The findings of the DSIT reveal the huge scale of losses and also highlight the escalating trend and sophistication of these cyberattacks that are targeting businesses across all sectors.
The Cost of Cyberattacks Suffered by UK Businesses
According to the DSIT, the average financial cost from a significant cyber-attack on a UK business stands at almost £195,000. While the impact may vary depending on industry and sectors, this average financial cost still reflects the complexity of the cyber threats these businesses encounter.
Additionally, beyond immediate financial costs, cyber-crime also affects intellectual property and knowledge assets, potentially causing long-term damage to innovation and competitive advantage.
Nearly half of all UK businesses experienced a cybersecurity breach or attack in the past year, which shows how pervasive these threats have become. From large corporations to small and medium enterprises (SMEs), no corner of the UK business setting or landscape is immune.
For context, the UK’s Cyber Security Centre (NCSC) in 2023 recorded a surge in nationally significant cyber incidents, doubling from 89 incidents in 2023 to 204 incidents from 2024-2025. This meant that for every two days in the UK from 2024 to 2025, businesses experienced cyberattacks, with half of them classified as highly significant and disrupting essential services and government operations.
Why This Research Matters Now
The surging cost and frequency of cyberattacks come at a time when UK businesses are rapidly digitizing and integrating new technologies, often without proportional increases in cybersecurity readiness.
Phishing attacks still dominate the landscape, accounting for 85% of all successful breaches, while ransomware cases have doubled in just one year.
It is against the backdrop of these growing economic damages and escalating threat sophistication that the UK government introduced the Cyber Security and Resilience Bill in November 2025.
Per the design of the bill, it will strengthen cybersecurity regulation by extending the scope and coverage to critical digital service providers and infrastructure beyond previous frameworks.
