Cyber security reports 2025: why businesses should prioritise staying safe online

It’s no secret that online security is a huge factor for businesses big and small. Cyber attacks are becoming more sophisticated, and businesses are facing new threats and vulnerabilities. We’re rounding up key takeaways from 3 major 2025 cyber security reports, outlining why it’s always important for small businesses and contractors alike to protect their business online. 

Online security for small businesses in 2025 

In recent years the landscape of digital threats has dramatically evolved with increasing development of AI technology. It’s helping cyber criminals launch more advanced attacks, causing more damage. 

Often operating with limited resources, smaller businesses are an easy target. So we’re here to not only bring to light key takeaways from 3 major cyber security reports, we’ll also summarise actionable tips to help you keep your business safe online. 

The state of cyber security threats in 2025 

To understand the current state of cybersecurity for businesses, it’s essential to examine the data. In 2025, several leading organisations released in-depth reports that shed light on the challenges and vulnerabilities businesses face. They also put focus on key themes that could lead to smaller businesses putting themselves at unnecessary risk. 

Common takeaways across all 3 reports were: 

• AI is a growing concern and threat for many businesses trying to keep safe online 

• There’s a decreased awareness of cyber risks among smaller businesses 

• Phishing is the most common cyber crime businesses need to protect themselves from 

Let’s look at these cyber reports in more detail… 

Cost of a Data Breach Report 2025 – IBM 

IBM’s Cost of Data Breach Report 2025 is a global report examining 600 organisations from across 16 countries and geographic regions, including the UK. 

Their ‘Key takeaways’ video quite rightly raises the issue of some businesses saying they can’t afford to implement cyber security. But the real question is, can they afford not to? The answer is likely ‘no’. 

Average cost of a data breach 

The good news is that IBM found the global average cost of a data breach dropped by 9% to $4.4 million (approx. £3.2m), with the UK average dropping by about 8.6% to $4.14 million (approx. £3m). 

Though this is theorised to be linked to a decrease in time taken to identify a breach, enabled by the use AI. Unfortunately, while AI has likely helped decrease the average cost of data breaches, it may be aiding attackers as per below… 

The impact of AI on cyber security 

The report extensively covered the impact of AI technologies on cyber security and data breaches. As well as the informed assumption that the use of AI to detect breaches faster has aided a decrease in average data breach cost, IBM’s report also found: 

• AI security reduces cost of breaches – Another positive is businesses using AI security had a lower average breach cost of $3.62 million (approx. £2.6m), compared to $5.52 million (approx. £4m) for organisations that didn’t use AI security. 

• Use of gen AI is rife in cyber attacks – on the other hand, 16% of breaches involved attackers using AI, with 37% of these focused on human manipulation through phishing. 

• There’s little education on the importance of AI access controls – 97% of businesses that experienced an AI-related breach lacked proper AI access controls. 

Cyber criminals target customer data and company intellectual property 

Data also showed that cyber attackers primarily targeted customers’ personal data over other types, with 53% of breaches involving personally identifiable information (PII). This can include tax numbers, home addresses and email addresses, which can be used for identity theft, fraud and more. 

While customer PII was most targeted, company intellectual property was the costliest – approx. $178 (£131) per recorded breach versus $160 (£118) per recorded breach. 

2025 Data Breach Investigations Report – Verizon 

Next is Verizon’s 2025 Data Breach Investigations Report (DBIR), with key findings that include SMBs as prime targets, human error as a big weakness and AI as growing threat. 

Small businesses are prime targets for cyber incidents 

Verizon found there were nearly 4 times the number of small business victims as there were large organisations. Though they do note this could be due to there simply being more smaller businesses active than larger organisations. 

It’s likely that hackers won’t necessarily care about the size of the business. But some may indeed choose to target smaller companies with weaker cyber security measures in place. 

The emerging threat of AI 

While GenAI may not have taken over the world just yet, it’s becoming a tool of choice for cyber crimes. A partner of Verizon has data that indicates synthetically generated text in malicious emails has doubled over the past two years. 

Alongside this, corporate data shows: 

• 15% of employees routinely accessed GenAI systems on their work devices 

• 72% used a non-corporate email address for their account 

• 17% used a work email without an integrated authentication system in place 

The other emerging threat of AI comes in the form of integration into device operating systems. Mobile devices are seeing an increase in features like voice assistants and AI writing tools in messaging apps. This creates more vulnerabilities for data-hungry models to exploit. 

Human error opens door for cyber vulnerabilities 

Mistakes happen, even in business – the phrase “you’re only human” comes to mind. And while most cyber attacks will generally involve a human element, employees (and business owners) may do things that actively lead to security vulnerabilities. 

Verizon’s report tells us that 60% of breaches involved a direct human element, including: 

• 32% from credential abuse 

• 23% from social actions 

• 14% from errors 

• 7% from interacting with malware 

This highlights the importance of cyber security education and training for both owners and employees. Learning how to stay safe online can go a long way to reduce the likelihood of a cyber incident or at least mitigate the damages in the event of one. 

Cyber security breaches survey 2025 – UK government 

Moving onto the UK government’s Cyber security breaches survey 2025, we see similar themes, but also some new findings. 

Smaller businesses put themselves at unnecessary risk 

The report found it was more common for smaller businesses to view cyber security as a low priority (30%) and for larger organisations to deem it a high priority (96%). 

Small businesses also don’t tend to consider the cyber risks associated with the digital service providers they use – like WordPress, Gmail, Adobe or Canva. 

Many small business owners assumed that because digital service providers are “multinational organisations” they wouldn’t have “poor cyber” – they put a lot of trust in reputation. 

This demonstrates limited education on the topic of cyber security and where risks can come from. 

Larger businesses ‘experience’ more cybercrime 

The ‘Cyber security breaches survey’ also notes that the larger the business, the more likely they were to experience cyber crime.  

This does contrast with Verizon’s finding that SMBs are prime targets. But, this could be due to less smaller businesses reporting cyber attacks and breaches (as found by the government’s survey). 

This decrease in reporting from micro and small businesses could be hiding the true reality – the one that Verizon notes – that they’re the top target for cyber criminals. Particularly if there’s less resource available and poorer cyber security monitoring practices in place. 

Phishing is the most popular cyber attack of choice 

The report also identifies phishing as the most common type of cyber attack by far. In fact, 85% of businesses who identified a breach in the previous 12 months reported phishing. This meant that approximately 37% of all businesses were affected by phishing breaches or attacks. 

It’s crucial businesses understand how to spot scam phishing emails, texts or calls to combat this. 

How small businesses can stay safe online 

If you run a small business, you might not realise all the ways you could be at risk of a cyber attack. Understanding this can help you find actionable steps to protecting your business. 

Helpfully, the National Cyber Security Centre (NCSC) has put together 10 steps to cyber security to help you keep you, your business and your clients safe. 

1. Asset management 
2. Risk management 
3. Training 
4. Configurations & setup 
5. Vulnerability management 
6. Identity and access management 
7. Data security 
8. Monitoring 
9. Incident management 
10. Supply chain security 

Want to learn more? You can head to the NCSC website or we’ve created a breakdown of cyber security best practices for small businesses. 

Can cyber insurance help? 

The UK government’s research also highlighted an increase in companies having cyber insurance – though 1 in 5 businesses still weren’t sure if they had cyber cover at all. 

Smaller organisations were more likely to have cyber security insurance as part of a wider policy, though this is likely due to many not being aware of cyber insurance as a separate product from their general business insurance. So, the question is, can dedicated cyber insurance help? 

Short answer: yes. Of course, the benefits you’d get depend on your business model, but cyber liability cover can offer a few perks, like: 

• Financial protection for covered losses 

• Expert assistance with identifying the type of attack and actionable steps 

• Peace of mind you’ll have support if the unexpected happens 

• Reassurance for clients that they can trust you’re taking cyber security seriously 

Getting cyber incident support  

Available as an optional add-on with our Contractor Insurance, our Cyber Liability cover includes access to a 24/7 incident response helpline. Whether you’re dealing with a confirmed cyber incident or just suspect something might be wrong, we’ve got experts on hand to help.  

That means contractors can get cyber insurance alongside other cover like Public Liability, Professional Indemnity, Personal Accident cover and Employers’ Liability, all under one policy.  

If you’re interested to more about what our policies cover, give our in-house experts a call on 01242 312 604 – we can help make sure you get cover that does ‘Right By You’.