DSIT publishes 2025/26 Cyber Security Breaches Survey

The Department for Science, Innovation and Technology (DSIT) has released its latest Cyber Security Breaches Survey (CSBS) for 2025/2026, highlighting that 43% of businesses and 28% of charities reported a cyber incident in the period, which equates to around 612,000 UK businesses and 57,000 UK charities, practically identical to last year's numbers. 

The report highlights a persistent resilience gap between larger businesses and SMEs, with SMEs showing a decline in essential cyber hygiene practices, including risk assessments and continuity planning.

Phishing remains the dominant threat and is growing in sophistication. 

In terms of response planning, of the 43% of businesses that reported breaches, only 25% maintain a formal incident response plan. Furthermore, board engagement is waning in certain sectors, with medium businesses reporting a significant decline in frequency of security updates, and fewer charities now view cybersecurity as a high priority. The findings suggest that while technical controls have seen modest gains, the lack of sustained high-level focus and incident readiness poses a significant risk to organisational stability and revenue.

Training Announcement: The BCS Foundation Certificate in Information Security Management Principles (CISMP) is an entry-level programme aligned with ISO/IEC 27001 and Cyber Essentials that examines the fundamental concepts, technologies and principles of information security management. It provides attendees with practical knowledge of key concepts and techniques in risk management, security operations, and technical, physical, and environmental security. In addition, CISMP addresses legal and regulatory requirements, business continuity and disaster recovery planning, and emerging technologies. Find out more.