North West businesses have been issued a warning to improve their cyber resilience by the North West Cyber Resilience Centre (NWCRC), following the release of new Government statistics.
The Cyber Security Breaches Survey 2025 estimated that UK businesses experienced 8.58 million cyber crimes over the past 12 months – up from 7.8 million in the previous 12 months. Phishing attacks remain the most prevalent and disruptive type of cyber breach, with 85% of businesses and 86% of charities experiencing a phishing attempt.
There was positive news – 43% of all businesses reported a cyber security breach or attack in the past 12 months, which is less than last year’s 50%. For microbusinesses, the figures were 35% down from 40% last year and for small businesses it’s 42%, down from 49%.
For larger businesses, the prevalence of cyber breaches remains high – 67% of medium-sized businesses reported experiencing a cyber breach (70% last year) and 74% of large businesses (75% last year).
However, of those businesses who did report a cyber breach, around half of those (46%) ended up being victims of cyber crime. This shows how important good cyber hygiene is because something so simple as clicking on a phishing link by mistake can lead to a much more harmful cyber attack.
DCI Chris Maddocks, head of economic and cyber crime at the North West Regional Organised Crime Unit (NWROCU), with responsibility for the NWCRC, said: “Cyber crime is one of the fastest growing crimes in the UK and with the rapid growth of generative AI, it is evolving and growing very quickly.
“These figures demonstrate clearly that a cyber breach can lead to a 50% chance of a more harmful cyber attack, which could permanently damage – or even close down – a business.
“Preventing cyber crime and online fraud through education and funded training continues to be a key priority for us at the NWROCU. We will continue our outreach work with the NWCRC to make our region the safest place to do business.”
The report goes on to state that overall there has been a small but positive uptake in cyber hygiene measures from small businesses: 48% undertake cyber security assessments, up from 41% last year. On top of this, 62% of small businesses now have cyber insurance, up from 49% last year.
In terms of basic cyber protection, the stats were on the whole positive, with 77% of businesses having updated malware protection; 73% of businesses having password policies; 72% of businesses had network firewalls; 71% of businesses had cloud back-up services and 68% had restricted admin rights.
However, worryingly, only 40% of businesses had multi-factor authentication (MFA) enabled and only 31% had a VPN for employees working remotely.
DI Dan Giannasi, head of cyber and innovation at the NWCRC, said: “We work closely with small businesses, charities, education and public sectors across the entire North West to give them the tools and the knowledge to build cyber resilience.
“It can take just one cyber breach to lead to a wider cyber or ransomware attack, which in turn could wipe out a small business.
“While it’s excellent that just over two-thirds of overall businesses have good basic cyber hygiene – it’s still very concerning that less than half of businesses have MFA set up, or further measures like a VPN.
“We strongly advise all businesses and organisations across the North West to sign up to our free membership, with regular updates and guidance on staying safe against fraudsters and cyber breaches.”
The NWCRC was set up in 2019 as a police-backed not-for-profit organisation. It runs a free membership for businesses across the North West, as well as funded programmes with the PCCs and regional police forces. The team also works closely with the cyber student community to offer high quality paid work experience, which in turn allows them to run affordable security training sessions to businesses, charities and the public sector.
