The latest Cyber Security Breaches Survey 2025/26, published by the UK Government, reinforces a reality many organisations already recognise: phishing remains the most common and most disruptive type of cyber attack facing UK businesses and charities.
Despite increased awareness and investment in cyber security, phishing continues to be the primary entry point for attackers - and the data shows its impact is growing rather than declining.
Phishing by numbers: what the survey found
The Cyber Security Breaches Survey 2025/26 highlights the continued dominance of phishing attacks across the UK:
- 38% of UK businesses experienced phishing attacks in the past year
- 25% of UK charities reported phishing incidents
- Among organisations that experienced a breach, 69% cited phishing as the most disruptive attack type
- The proportion of organisations experiencing only phishing attacks (and no other breach) increased:
  - Businesses: from 45% to 51%
  - Charities: from 46% to 57%
These findings illustrate that for many organisations, phishing is no longer just one threat among many - it is the primary cyber risk they face.
Why phishing continues to dominate UK cyber incidents
The survey confirms that modern cyber risk is driven less by sophisticated technical exploits and more by attackers exploiting human behaviour, trust and identity.
Phishing remains effective because it targets users directly, bypasses traditional perimeter controls, and exploits everyday workflows such as email communication, password resets and invoice processing.
Phishing is not just common - it is highly disruptive
One of the most significant insights from the survey is the disruptive impact of phishing-led incidents.
For nearly seven in ten organisations that experienced a breach or attack, phishing caused the greatest disruption - often resulting in account compromise, password resets, investigations, downtime and diversion of internal resources.
Even when phishing does not lead to ransomware or data theft, the operational impact can be substantial, particularly for smaller organisations without dedicated security teams.
Why “phishing-only” attacks are increasing
The rise in organisations reporting only phishing attacks, rather than multiple attack types, is consistent with a shift in how attackers operate.
Credential theft and account compromise let attackers sign in to cloud services and business systems as the user, without deploying any malware. With no malicious file for endpoint or perimeter controls to catch, the activity looks like ordinary logins, which makes detection harder and prolongs the attacker's access.
What the findings mean for UK organisations
The Breaches Survey makes it clear that phishing resilience is now a baseline requirement for UK organisations of all sizes.
Effective protection typically includes:
- Multi-Factor Authentication (MFA) for email and cloud access
- Advanced email filtering and phishing detection
- Regular security awareness training for staff
- Proactive monitoring of user accounts
- Clear incident response procedures for phishing-related events
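As an added illustration of what "proactive monitoring of user accounts" can mean in practice for the credential-theft scenario described above (this is example code written for this page, not from the survey, the UK Government or any vendor): a small Python script that runs three detections over a constructed sample of cloud sign-in records. The CSV layout, the user names, countries and IP addresses are all made up for the example; the three rules (a success without MFA from a country the user has never authenticated from with MFA, a burst of failures followed by a success, and two successes from different countries within an hour) are common starting points, and the thresholds are assumptions to tune for a real estate.

```python
"""Flag suspicious cloud sign-ins in a small, constructed log sample.

Added example for this page. The CSV format below is a simplified stand-in
for an identity provider's sign-in log; it is not any vendor's real format.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (example-only users, RFC 5737 documentation IPs).
# Columns: timestamp, user, country, ip, result (success/failure),
# mfa ("satisfied" when a second factor was presented, else "none").
SAMPLE_LOG = """\
timestamp,user,country,ip,result,mfa
2025-03-03T08:02:11Z,alice@example.org,GB,203.0.113.10,success,satisfied
2025-03-03T08:05:40Z,bob@example.org,GB,203.0.113.11,success,satisfied
2025-03-03T08:10:00Z,carol@example.org,GB,203.0.113.12,success,satisfied
2025-03-03T12:30:00Z,carol@example.org,GB,203.0.113.12,failure,none
2025-03-03T12:30:05Z,carol@example.org,GB,203.0.113.12,failure,none
2025-03-03T12:30:09Z,carol@example.org,GB,203.0.113.12,failure,none
2025-03-03T12:30:20Z,carol@example.org,GB,203.0.113.12,success,satisfied
2025-03-03T13:01:00Z,bob@example.org,NG,198.51.100.7,success,none
2025-03-03T13:05:00Z,alice@example.org,GB,203.0.113.10,success,satisfied
2025-03-03T13:40:00Z,alice@example.org,US,192.0.2.55,success,satisfied
"""

# Assumed thresholds; tune to the organisation's own baseline.
MFA_OK = "satisfied"
FAILURE_BURST = 3                    # failures that count as a burst
BURST_WINDOW = timedelta(minutes=5)  # ... within this window before a success
TRAVEL_WINDOW = timedelta(hours=1)   # two countries inside this = impossible travel


def parse_log(text):
    """Parse the CSV sample into dicts, sorted by timestamp."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["ts"] = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        rows.append(row)
    rows.sort(key=lambda r: r["ts"])
    return rows


def detect(rows):
    """Return a list of (rule, user, timestamp) alerts in log order."""
    alerts = []
    known_countries = defaultdict(set)  # user -> countries seen in MFA-backed successes
    recent_failures = defaultdict(list)  # user -> timestamps of failures since last success
    last_success = {}                    # user -> (timestamp, country) of latest success

    for row in rows:
        user, ts, country = row["user"], row["ts"], row["country"]

        if row["result"] == "failure":
            # Failures alone are not alerted here; they become evidence once a
            # success follows them (password-spray / credential-stuffing pattern).
            recent_failures[user].append(ts)
            continue

        # Rule: a burst of failures immediately followed by a success.
        burst = [t for t in recent_failures[user] if ts - t <= BURST_WINDOW]
        if len(burst) >= FAILURE_BURST:
            alerts.append(("failures_then_success", user, row["timestamp"]))
        recent_failures[user] = []

        # Rule: success without MFA from a country the user has not
        # established (with MFA) as normal. Checked before the baseline is
        # updated so that the suspicious login cannot vouch for itself.
        if row["mfa"] != MFA_OK and country not in known_countries[user]:
            alerts.append(("new_country_no_mfa", user, row["timestamp"]))

        # Rule: two successes from different countries within TRAVEL_WINDOW.
        # Applied even when MFA was satisfied, since a relayed MFA prompt
        # still shows as satisfied in the log.
        prev = last_success.get(user)
        if prev and prev[1] != country and ts - prev[0] <= TRAVEL_WINDOW:
            alerts.append(("impossible_travel", user, row["timestamp"]))

        last_success[user] = (ts, country)
        if row["mfa"] == MFA_OK:
            # Only MFA-backed successes extend the "normal countries" baseline.
            known_countries[user].add(country)

    return alerts


def analyse_sample():
    """Run the detections over the constructed sample."""
    return detect(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for rule, user, when in analyse_sample():
        print(f"{when}  {rule:<22}  {user}")
```

Two design points are worth noting. The country baseline is built only from MFA-backed successes, so a single non-MFA login from a new location cannot quietly become "normal" for that account. And an entry with MFA satisfied is not treated as proof of legitimacy: an adversary-in-the-middle phishing page that relays the victim's MFA prompt produces exactly such an entry, which is why the impossible-travel rule still fires on MFA-backed sessions. In a real deployment the input would be the identity provider's sign-in export rather than a hand-written CSV, and each alert would feed the phishing incident procedure rather than a print statement.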
Building resilience through managed cyber security
Managing phishing risk has become increasingly complex as attacks grow more targeted and sophisticated.
Many organisations now work with managed cyber security providers to implement, monitor and maintain effective controls - reducing disruption, improving response times and supporting long-term cyber resilience.
A persistent threat requires persistent defence
The Cyber Security Breaches Survey 2025/26 confirms that phishing remains the most prevalent and disruptive cyber threat facing UK organisations.
As long as attackers continue to exploit trust and identity, organisations must prioritise phishing prevention, detection and response as a core part of their cyber security strategy.