UK SME Cybersecurity Report 2026
Primary research into cyber attack rates, financial impact, staff preparedness, and technology adoption across 1,200 UK businesses with 10–250 employees. Conducted February 2026.
Key Findings
Up from 50% in 2024 — a 34% increase year-on-year.
Including downtime, recovery, regulatory costs, and customer churn.
Less than half of breached businesses had a documented IR plan at the time of attack.
Despite NCSC guidance advising against payment — up from 18% in 2024.
Most Common Attack Vectors — UK SMEs 2025
Methodology
This report is based on primary research conducted by AMVIA in partnership with an independent market research agency in January–February 2026. Respondents were senior decision-makers (IT managers, MDs, CEOs, and CFOs) at UK businesses with between 10 and 250 employees across 12 industry sectors. The sample of 1,200 was nationally representative by region, industry, and business size. Data was collected via online survey with telephone validation for a 15% subsample.
The Escalating Threat Environment
The 2026 findings paint a stark picture of a rapidly deteriorating threat environment for UK SMEs. Two-thirds of businesses experienced at least one cyber attack in 2025 — a significant increase on the government's own figures and a sign that attackers are intensifying their focus on smaller targets.
Phishing remains the dominant attack vector, implicated in 83% of incidents. However, the notable rise in supply chain attacks — from 9% to 18% year-on-year — reflects a strategic shift by sophisticated threat actors who are increasingly targeting small businesses as entry points to larger enterprise customers.
Financial Impact
The average cost of a breach for a UK SME rose to £6,400 in 2025, up 52% from our 2024 baseline of £4,200. This figure encompasses direct costs (IT recovery, specialist forensic support) and indirect costs (business downtime, customer attrition, regulatory fines, and increased cyber insurance premiums following a claim).
Notably, businesses with Cyber Essentials Plus certification reported average breach costs 68% lower than non-certified peers — the most compelling ROI data point for certification investment in our dataset.
The MFA Gap
Despite widespread awareness, only 58% of SME respondents had enforced multi-factor authentication across all cloud services. Among the 42% who had not, the most common reasons cited were 'concerns about staff disruption' (44%), 'not sure how to implement it' (31%), and 'hadn't prioritised it yet' (25%). Given that credential-based attacks account for over 60% of breaches, this represents the single largest addressable gap across the SME market.
Industry Benchmarks
Financial services and professional services firms reported the highest breach rates (74% and 71% respectively), reflecting both their attractive data assets and the targeted nature of financially motivated threat actors. Manufacturing and construction firms showed the largest year-on-year increase — a 58% rise in attack incidence — consistent with NCSC intelligence about ransomware groups pivoting to target critical supply chain businesses.