The Cybersecurity landscape for Small Businesses and Charities

Sigmonix - IT Support Services

In today’s increasingly digital world, cybersecurity has become a critical concern for organisations of all sizes. Small businesses and charities in the UK face particular challenges, often operating with limited resources whilst becoming increasingly attractive targets for cybercriminals. This blog post examines the current cybersecurity landscape, explores the emerging threats on the horizon, and provides valuable resources for tracking ransomware attacks and security breaches.

The Current Cybersecurity Landscape

Prevalence of Cyber Attacks

The UK Cyber Security Breaches Survey 2025, commissioned by the Department for Science, Innovation and Technology (DSIT) and the Home Office, reveals that cybersecurity breaches and attacks remain a common threat across the UK. Just over four in ten businesses (43%) reported experiencing some form of cybersecurity breach or attack in the last 12 months, equating to approximately 612,000 UK businesses. For charities, the figure stands at three in ten (30%), representing about 61,000 organisations.

Whilst these figures represent a decrease from 2024 (when 50% of businesses reported incidents), the threat remains significant. Notably, this decline was primarily observed among micro and small businesses, which reported fewer phishing attacks. Medium and large businesses continue to experience consistently high exposure, with 70% and 74% respectively reporting breaches, suggesting that scale and complexity remain key risk factors.

Types of Attacks

Phishing continues to dominate the threat landscape, with 85% of affected businesses citing it as the main source of disruption. There is growing concern about the sophistication of these methods, particularly the rise of AI-driven impersonation techniques, which are becoming more challenging to detect and defend against.

Ransomware attacks have also seen a concerning increase, doubling from less than 0.5% of businesses in 2024 to 1% in 2025—translating to an estimated 19,000 organisations affected. The financial impact of these attacks can be substantial, with the average cost of cyber crime (excluding phishing) reported at £990 per business, rising to £1,970 when zero-cost responses were excluded. Cyber-facilitated fraud carries even higher financial burdens, with an average cost of £5,900, rising to £10,000 when zero-cost responses were excluded.

Impact on Small Businesses and Charities

Small businesses have shown encouraging improvements in cyber hygiene practices. The survey reveals that 62% of small businesses now have cyber insurance, a significant jump from 49% in 2024. Additionally, 48% now conduct risk assessments, up from 41% last year, and there have been increases in formal policies and continuity planning, suggesting a growing maturity in approach.

However, high-income charities have seen a marked decline in key cybersecurity activities. The drop in formal strategies (from 47% to 39%) and supplier risk assessments (from 36% to 21%) suggests a tension between ambition and capacity, likely driven by budget constraints.

Current Security Measures

The majority of businesses and charities have implemented basic technical controls, such as:

  • Updated malware protection (77% of businesses)
  • Password policies (73% of businesses)
  • Network firewalls (72% of businesses)
  • Backing up data securely through cloud services (71% of businesses)
  • Restricted admin rights (68% of businesses)

However, adoption of more advanced controls remains lower:

  • Two-factor authentication (40% of businesses)
  • Virtual private networks for staff connecting remotely (31% of businesses)
  • User monitoring (30% of businesses)

Staff training and awareness-raising activities on cybersecurity were more prevalent in large businesses (76% compared to 19% of businesses overall), highlighting a potential vulnerability for smaller organisations.

Governance and Management Issues

Whilst cybersecurity remains a high priority for 72% of businesses, board-level responsibility has declined. Only 27% of businesses report having a board member responsible for cybersecurity, down from 38% in 2021. This decline hints at a possible disconnect between strategic importance and executive oversight, a gap that could have serious implications for long-term resilience.

Supply chain vulnerabilities remain a blind spot, with only 14% of businesses formally reviewing risks posed by their immediate suppliers, and even fewer examining the wider supply chain. This oversight is concerning, given the growing trend of supply chain compromises, which can be used as vectors for broader systemic attacks.

The Future Threat Landscape

As we look towards the future, several emerging threats are likely to pose significant challenges for small businesses and charities in the UK.

1. Generative AI Cyber Attacks

Cyber criminals and fraudsters are increasingly using generative AI to create more convincing cyber attacks and more personalised communications. This technology enables them to roll out phishing attempts in much larger quantities, giving them a greater chance of success. Previously, poor spelling and grammar were often giveaways in basic phishing attempts, but now attackers have easy access to tools that can create highly plausible and genuine-sounding communications.

The rise of AI-driven impersonation techniques is particularly concerning, as these are becoming more challenging to detect and defend against. Small businesses and charities, which may lack sophisticated detection systems, are particularly vulnerable to these increasingly convincing attacks.

2. Supply Chain Vulnerabilities

Cyber criminals are frequently attacking or infiltrating smaller businesses to gain access to larger businesses in their supply chain. This trend is expected to continue, with supply chain attacks responsible for some of the highest-profile breaches in 2024, such as the Synnovis and Network Rail attacks.

For small businesses and charities, this presents a dual threat: they may be targeted both as entry points to larger organisations and as victims in their own right. Recommendations include conducting background checks on new suppliers and contractors, ensuring suppliers adhere to robust cybersecurity standards (such as Cyber Essentials certificates), conducting regular risk assessments, and implementing secure communication protocols.

3. Ransomware Increases

Ransomware attacks are becoming more targeted, with criminals threatening not only to encrypt data but also to leak it publicly. Attackers rely on the fact that businesses, charities, and educational establishments do not want cyber and data breaches to become public knowledge and may be tempted to pay the ransom out of a sense of urgency and panic.

The doubling of ransomware attacks from 2024 to 2025 indicates this trend is accelerating, and small businesses and charities—which may lack robust backup systems and incident response plans—are particularly vulnerable.

4. Nation-State Threats

The global geopolitical landscape is increasingly influencing the cyber threat environment. Nation-state actors, motivated by political or strategic goals, are launching more sophisticated cyberattacks targeting critical infrastructure, government agencies, and private enterprises.

In 2025, we can expect an uptick in cyberattacks from nation-state actors as global tensions rise. These attacks are moving away from the direct theft of sensitive information to focus more on destabilising economies, disrupting services, or causing widespread panic. Small businesses and charities may be caught in the crossfire, particularly if they work in sensitive sectors or with government agencies.

5. Regulatory Compliance Challenges

The importance of regulatory compliance in cybersecurity has shifted from being a mere checkbox exercise to a fundamental aspect of any organisation’s strategy. With new regulations on the horizon, especially in the UK and Europe, businesses and charities are faced with increasingly stringent requirements.

For small businesses and charities with limited resources, navigating this complex regulatory landscape presents a significant challenge. The demand for compliance-as-a-service solutions is likely to increase, offering tailored solutions that simplify the process of ensuring adherence whilst enhancing overall cybersecurity posture.

6. Solution Consolidation Needs

In response to the growing complexities of the threat landscape, there is a trend towards single-platform solutions. Currently, organisations rely heavily on point solutions designed to address specific security concerns, but as threats grow increasingly complex, the demand for integrated solutions will increase.

Small businesses and charities, which may struggle with managing multiple security tools, could benefit from this trend. However, the transition to integrated solutions requires careful planning and potentially significant investment, which may be challenging for resource-constrained organisations.

Resources for Tracking Ransomware Attacks and Security Breaches

Staying informed about the latest cybersecurity threats is essential for small businesses and charities. The following resources provide valuable information for tracking ransomware attacks and security breaches:

UK Government Resources

  1. Cyber Security Breaches Survey
  2. National Cyber Security Centre (NCSC)
  3. Action Fraud
    • The UK’s national reporting centre for fraud and cyber crime provides alerts about current scams and threats and allows reporting of cyber incidents.
    • https://www.actionfraud.police.uk/

Global Ransomware Tracking Resources

  1. CYFIRMA Ransomware Tracking Reports
  2. Spin.AI Ransomware Tracker
  3. Cyber Management Alliance Monthly Attack Reports

Industry-Specific Resources

  1. Charity Digital
  2. Health-ISAC (Health Information Sharing and Analysis Center)
    • Focused on healthcare sector cybersecurity threats, this resource provides alerts and analysis specific to healthcare organisations.
    • https://h-isac.org/
  3. FS-ISAC (Financial Services Information Sharing and Analysis Center)
    • This resource focuses on financial sector cybersecurity threats and tracks attacks targeting financial institutions.
    • https://www.fsisac.com/

Conclusion

The cybersecurity landscape for small businesses and charities in the UK is evolving rapidly, with both encouraging developments and concerning trends. Whilst small businesses are showing improvements in cyber hygiene practices, high-income charities are experiencing a decline in key cybersecurity activities. The threat landscape continues to evolve, with generative AI, supply chain vulnerabilities, and ransomware presenting significant challenges for the future.

To navigate this complex environment, small businesses and charities must adopt a proactive approach to cybersecurity. This includes implementing basic technical controls, providing staff training, conducting regular risk assessments, and staying informed about the latest threats through the resources provided.

By understanding the current landscape and preparing for future threats, small businesses and charities can enhance their cyber resilience and protect their valuable assets, data, and reputation in an increasingly digital world.

References

  1. UK Cyber Security Breaches Survey 2025. Department for Science, Innovation and Technology (DSIT) and the Home Office. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025
  2. What are the cyber threats to businesses in 2025? North West Cyber Resilience Centre. https://www.nwcrc.co.uk/post/what-are-the-cyber-threats-to-businesses-in-2025
  3. The UK’s cybersecurity landscape: key trends and challenges for 2025. Resilience Forward. https://resilienceforward.com/the-uks-cybersecurity-landscape-key-trends-and-challenges-for-2025/
  4. TRACKING RANSOMWARE – FEBRUARY 2025. CYFIRMA. https://www.cyfirma.com/research/tracking-ransomware-february-2025/
  5. Recent Ransomware Attacks | Ransomware Tracker 2025. Spin.AI. https://spin.ai/resources/ransomware-tracker/
  6. Biggest Cyber Attacks, Ransomware Attacks, Data Breaches of March 2025. Cyber Management Alliance. https://www.cm-alliance.com/cybersecurity-blog/biggest-cyber-attacks-ransomware-attacks-data-breaches-of-march-2025


This website is owned by Steven Patrick Frazer (EI), SIRET 92458651400029.