Business, Cyber Security, Insights

Mid-year cyber security statistics 2026: What UK businesses need to know

3rd June 2026
London City

As we reach the halfway point of 2026, the latest figures from the UK Government and the National Cyber Security Centre (NCSC) reveal a cyber threat landscape that continues to challenge UK organisations.

From ransomware attacks and phishing attacks to supply chain attacks and data loss, the statistics show that cyber criminals remain highly active across the UK economy.

Below are the cyber security statistics every UK business should know as we move into the second half of the year.

If you are reading this because you have experienced a cyber incident and are unsure how to respond, contact Zensec immediately.

Cyber security statistics at a glance

  • 43% of UK businesses experienced a cyber attack or breach in the last 12 months
  • 67% of medium-sized businesses reported a cyber incident
  • 74% of large businesses reported a cyber incident
  • An estimated 612,000 UK businesses suffered a cyber attack or breach
  • The National Cyber Security Centre handled 429 cyber incidents
  • 204 incidents were classified as nationally significant
  • Nationally significant incidents increased by 130% compared to the previous year
  • Phishing attacks remain the most common cyber threat facing UK organisations

43% of UK businesses experienced a cyber attack or breach

According to the Cyber Security Breaches Survey 2025, almost half of UK businesses identified at least one cyber attack or security breach during the previous year.

This figure demonstrates that cyber security is no longer a concern only for large firms. Small businesses, medium-sized organisations and large businesses all remain targets for cyber criminals.

What this means

  • Cyber attacks are now a routine business risk
  • Organisations cannot rely on size for protection
  • Cyber resilience should be treated as a business priority

67% of medium-sized businesses reported cyber incidents

The data suggests that medium-sized firms face a significantly higher risk than the UK average.

More employees, connected devices and digital systems create additional opportunities for attackers to gain unauthorised access.

What this means

  • Medium-sized organisations should strengthen access control policies
  • Multi-factor authentication should be mandatory across critical systems
  • Security teams should regularly review user permissions

74% of large businesses suffered a cyber attack or breach

Almost three quarters of large businesses experienced a cyber attack or breach during the reporting period.

As organisations grow, they often manage larger amounts of customer data, sensitive data and supplier relationships, increasing their attractiveness to cyber criminals.

What this means

  • Large organisations should prioritise supplier security
  • Threat intelligence should inform security strategies
  • Incident response plans should be tested regularly

612,000 UK businesses experienced a cyber attack

Government estimates suggest approximately 612,000 businesses were affected by cyber crime during the reporting period.

This highlights the scale of cyber threats facing UK firms and reinforces the need for strong cyber security controls.

What this means

  • No sector is immune
  • Prevention remains more cost-effective than recovery
  • Cyber Essentials certification can help reduce risk

The NCSC handled 429 cyber incidents

The National Cyber Security Centre reported supporting organisations through 429 cyber incidents during its latest reporting period.

These incidents ranged from ransomware attacks and phishing campaigns to attacks affecting critical national infrastructure.

What this means

  • Serious cyber incidents remain common across the UK
  • Organisations need effective incident response capabilities
  • Secure backups are essential for business continuity

Nationally significant incidents increased by 130%

One of the most concerning findings from the NCSC Annual Review is the sharp increase in nationally significant cyber incidents.

The NCSC handled 204 nationally significant incidents compared with 89 during the previous year.

What this means

  • Threat actors are becoming more capable
  • Attacks are having greater operational impact
  • UK organisations must strengthen cyber resilience

Phishing attacks remain the most common cyber threat

Phishing continues to be the most frequently reported cyber threat affecting UK businesses.

Cyber criminals increasingly use AI tools and generative AI to create convincing emails, messages and fake websites designed to steal credentials or demand payment.

What this means

  • Employee awareness training remains critical
  • Multi-factor authentication helps reduce account compromise
  • Organisations should monitor for suspicious activity

Supply chain attacks remain a growing concern

As organisations become increasingly dependent on software providers and external suppliers, supply chain attacks continue to represent a significant risk.

A weakness in one supplier can expose multiple organisations to cyber threats.

What this means

  • Supplier security assessments are becoming increasingly important
  • Third-party risk management should form part of cyber security strategies
  • Businesses should review access granted to suppliers

How UK businesses can stay protected in the second half of 2026

The statistics highlight several actions businesses should prioritise:

  • Enable multi-factor authentication
  • Implement robust access control measures
  • Achieve Cyber Essentials certification
  • Maintain secure backups
  • Develop and test incident response plans
  • Strengthen cloud security controls
  • Improve supplier security processes
  • Deliver regular cyber security awareness training
  • Monitor emerging threats using threat intelligence

Key takeaways

The latest UK cybersecurity statistics show that cyber threats remain widespread across organisations of every size.

With almost half of businesses experiencing a breach or attack, and nationally significant incidents increasing dramatically, the second half of 2026 is an ideal time for organisations to review their cyber security posture.

Businesses that invest in cyber resilience, employee awareness, secure backups and proactive security measures will be best placed to reduce risk and protect customer data throughout the remainder of the year.

Frequently asked questions

What percentage of UK businesses experience cyber attacks?

According to the Cyber Security Breaches Survey 2025, 43% of UK businesses experienced a cyber attack or security breach in the previous 12 months. The figure rises to 67% for medium-sized businesses and 74% for large businesses.

What is the most common cyber threat facing UK businesses?

Phishing remains the most common cyber threat. Attackers use fraudulent emails, messages and websites to steal credentials, access systems and compromise sensitive data.

How many cyber incidents does the NCSC handle?

The National Cyber Security Centre (NCSC) handled 429 cyber incidents in its latest reporting period, including 204 nationally significant incidents.

Are small businesses targeted by cyber criminals?

Yes. Cyber criminals target businesses of all sizes. Small businesses are often seen as easier targets because they typically have fewer security resources and controls.

What are the biggest cyber security risks in 2026?

Key cyber threats include phishing attacks, ransomware attacks, supply chain attacks, cloud security vulnerabilities and unauthorised access to systems and data.

How can businesses improve their cyber resilience?

Businesses can reduce risk by implementing multi-factor authentication, maintaining secure backups, training employees, strengthening access controls and developing an incident response plan.

What is Cyber Essentials?

Cyber Essentials is a UK Government-backed certification scheme that helps organisations protect against common cyber threats through a set of essential security controls.

Sources: UK Government Cyber Security Breaches Survey 2025 and NCSC Annual Review 2025.

Improve your cyber resilience

Cyber threats continue to affect organisations of every size. If you’re unsure whether your business is adequately protected, Zensec can help.

From Cyber Essentials certification to security assessments and incident response planning, our experts provide practical guidance to strengthen your cyber resilience.

Speak to our team today to discuss your cyber security requirements.