Data Breaches 2025 Report Highlights
The GOV.UK Cyber Security Breaches Survey 2025 is out and reveals that 43% of UK businesses and 30% of charities experienced a cyber security breach or attack in the last 12 months. We review and highlight some key data protection points.
What's the attack rate?
Primary Schools - 44%
Secondary Schools - 60%
Colleges and Universities - most (85-991%) have had an online attack.
Small businesses 43%
What kinds of attacks.
The most common attack for schools and businesses is 'phishing' - when someone tries to trick you into clicking on a bad link or giving out your password.
Schools, particularly colleges and universities, have seen an increase in impersonation attacks - where someone pretends to be staff or the school online.
Bases: Those that identified a breach or attack in the last 12 months; 109 primary schools; 144 secondary schools; 73 further and higher education institutions (combined due to low base for higher education); 1,132 businesses overall.
How regularly do the attacks happen?
Weekly for schools, colleges and businesses.
What do organisations put in place?
Business vs Education
Educational institutions are hit more often than businesses or charities.
Small businesses have increased their uptake of cyber insurance from last year from 49% to 62%. A minority of primary schools (6%) and secondary schools (13%) have a specific cyber insurance policy. However, just under half of primary schools (47%) and secondary schools (43%) reported having cyber security cover as part of a broader insurance policy.
Phishing is still the most common attack.
Impersonation is at 68% for colleges/universities and 34% for businesses.
Staff training is better in schools and colleges than businesses and charities.
What areas are a struggle?
Schools struggle to apply patch management and software updates within 14 days
Colleges and universities are particularly attractive targets for cyber attackers.
Schools and colleges should look to review the DfE Digital Standards. If you are wondering where to start with this, we have support and guidance available as an add-on to our DPO service or stand-alone: DfE Digital Standards Trackers.
Full Cyber Security Breaches Survey 2025 Report
What's the attack rate?
Primary Schools - 44%
Secondary Schools - 60%
Colleges and Universities - most (85-991%) have had an online attack.
Small businesses 43%
What kinds of attacks.
The most common attack for schools and businesses is 'phishing' - when someone tries to trick you into clicking on a bad link or giving out your password.
Schools, particularly colleges and universities, have seen an increase in impersonation attacks - where someone pretends to be staff or the school online.
Bases: Those that identified a breach or attack in the last 12 months; 109 primary schools; 144 secondary schools; 73 further and higher education institutions (combined due to low base for higher education); 1,132 businesses overall.
How regularly do the attacks happen?
Weekly for schools, colleges and businesses.
What do organisations put in place?
- Outside expert advice
- NCSC guidance
- Cyber security policy as a plan to stay safe online
- Actively check for cyber security risks
Business vs Education
Educational institutions are hit more often than businesses or charities.
Small businesses have increased their uptake of cyber insurance from last year from 49% to 62%. A minority of primary schools (6%) and secondary schools (13%) have a specific cyber insurance policy. However, just under half of primary schools (47%) and secondary schools (43%) reported having cyber security cover as part of a broader insurance policy.
Phishing is still the most common attack.
Impersonation is at 68% for colleges/universities and 34% for businesses.
Staff training is better in schools and colleges than businesses and charities.
What areas are a struggle?
Schools struggle to apply patch management and software updates within 14 days
Colleges and universities are particularly attractive targets for cyber attackers.
Schools and colleges should look to review the DfE Digital Standards. If you are wondering where to start with this, we have support and guidance available as an add-on to our DPO service or stand-alone: DfE Digital Standards Trackers.
Full Cyber Security Breaches Survey 2025 Report