Business & Technology
UK cyber survey shows stagnant breach preparedness
SHANNON WILLIAMS
News Editor
The UK Government has released its Cyber Security Breaches Survey 2026, prompting criticism from security specialists and legal experts who say progress remains limited.
The annual survey tracks the frequency and impact of cyber incidents across organisations of different sizes and sectors. It also examines how businesses and charities approach risk management, staff training and supply chain security.
Initial industry reaction points to what many describe as stagnation in key measures of preparedness, with phishing, supplier vulnerabilities and the position of smaller firms emerging as particular concerns.
Tom Kidwell, co-founder of security firm Ecliptic Dynamics and a former British Army and UK Government intelligence specialist, said the 2026 results suggest too few lessons have been learned from recent attacks on well-known consumer brands.
“After years of headline-grabbing cyber attacks, this survey feels depressingly familiar. Breach levels haven’t shifted, preparedness hasn’t improved, and despite all the noise around breaches causing serious damage to major brands like Marks and Spencer and the Co-Op, too many organisations are still failing to act. Talking about cyber security clearly isn’t the same as doing anything meaningful about it. Too many companies are still in the mindset that ‘it won’t happen to me.'”
Phishing remains the most commonly reported form of attack in the government study. Security practitioners argue that attackers are using increasingly sophisticated and targeted methods, often supported by artificial intelligence tools.
For Kidwell, the survey exposes a disconnect between the scale of the phishing threat and current investment in staff awareness programmes.
“What really stands out is phishing. It continues to dominate, and it’s becoming smarter, more targeted and more damaging thanks to advances in AI, yet the Government’s Cyber Security Breaches Survey shows that staff training levels remain considerably low. When fewer than one in five organisations train their people, it’s no surprise attackers keep walking straight through the front door,” he said.
Experts also single out supply chain exposure. The survey shows relatively low levels of structured risk assessment of immediate suppliers, despite a series of high-profile disruptions.
“The same applies to supply chain attacks. Despite Jaguar Land Rover hitting the headlines last year with one of the most significant supply chain attacks, amounting to almost £500m in losses, a measly 15% of companies review risks associated with their immediate suppliers. This is creating a glaring blind spot, one that attackers are increasingly exploiting,” Kidwell said.
Smaller organisations appear to be under particular pressure. The latest figures suggest some modest gains in basic security practices recorded in previous years have not been sustained.
“Small businesses are the biggest concern. Last year’s modest improvements in basic cyber hygiene have gone into reverse, with fewer risk assessments, fewer policies and weaker continuity planning. Companies appear to be abandoning the bare minimum required to keep their businesses secure,” Kidwell said.
Government awareness efforts receive some recognition from specialists, but they argue that publicity and campaigns have yet to translate into sustained improvements in resilience.
“Government campaigns such as the Cyber Aware campaign are being recognised a little more, which is encouraging, but awareness alone is clearly not building resilience. Until cyber risk is treated as a practical business issue, and not a compliance tick-box exercise, these numbers in the annual Cyber Breaches Survey won’t change,” Kidwell said.
He also questioned the wider response from law enforcement and government agencies to rising levels of cyber crime, arguing that better organisational defences must be matched by stronger efforts to disrupt the groups behind attacks.
“While awareness is clearly important and businesses need to play their role, a question to ask is how is the Government tackling this wave of crime? With such prevalence of the activity, what is being done to disrupt the actors conducting it? Defensive and preventative actions can only go so far, upstream disruption is required alongside this,” Kidwell said.
Legal specialists view the survey as further evidence of a gap between the severity of cyber risk and the way many boards approach the issue. They also point to nation-state threats and the complexity of global vendor networks as added pressures on governance.
Ross McKean, co-chair of the UK Data Protection and Cyber Response Practise at DLA Piper, said:
“While some welcome progress has been made, today’s figures show a persistent gap between the potential existential nature of cyber threats and board-level engagement, especially across smaller businesses. With nation state threat actors increasingly targeting Western organisations and global supply chains becoming ever more interconnected, there is a pressing urgency to close this gap, including by ensuring businesses consistently identify, assess and prepare for vulnerabilities across their third-party vendor networks and take steps to defend against new technologies such as AI which potentially render current vulnerability patching practices redundant.”
McKean argued that boards should incorporate cyber considerations into broader resilience planning and crisis management, with clear priorities for keeping critical functions running after an incident.
“As a first step, all organisations, no matter their size, should have a clear picture of their ‘minimum viable business’ and urgently establish tested and effective workarounds that allow them to keep going should primary systems be offline. Fundamentally cyber risk is a business resilience, board level consideration,” McKean said.
Peak traffic on Hyperoptic’s broadband network rose by about 10% during the opening match of this summer’s major international football tournament. Most viewers also expect to watch the tournament from home.
Demand peaked at about 9:15pm during the opening fixture, around 30 minutes later than the usual evening high point. Hyperoptic said its normal peak typically falls between 9pm and 10pm.
Research commissioned by the provider found that 60% of UK adults with home broadband plan to watch the tournament. Among those viewers, 86% expect to watch most matches from home rather than elsewhere.
The findings highlight the strain major live sport can place on household connections when several activities are running at once. During major live sporting events at home, an average of 2.7 internet-connected devices are in use in the household at the same time, according to the survey.
A sizeable minority of viewers said technical problems can spoil the experience. Some 29% of UK adults with home broadband said buffering during a goal, penalty or other key moment would be one of the most frustrating things to happen during a major match, while 11% said they had already missed an important sporting moment because of buffering, lag or connection issues.
The study also suggested that delays in live streams can leave viewers exposed to spoilers before the action appears on screen. Around three in five football viewers said they had found out about a goal or other key sporting moment before seeing it themselves.
Second screens
The survey suggests that watching football at home often involves several screens at once. A third of football viewers said they message friends or family while watching live football, while 29% said they scroll social media during matches.
That second-screen habit can add another source of frustration for viewers whose streams lag behind live play. Fans checking messages or social platforms may learn about decisive moments before the broadcast catches up.
Hyperoptic, which focuses on full-fibre broadband in urban areas, said the opening fixture offered an early sign of how the tournament is affecting evening traffic patterns, with network demand rising as millions of fans watched from home.
Mark Bartlett, Chief Operating Officer at Hyperoptic, commented on the viewing patterns and their effect on home internet use.
“This summer is a big moment for football, and millions of people will be watching, reacting and connecting at the same time. With so many fans planning to watch from home, broadband is a central part of the matchday experience. A delayed stream, frozen picture or spoiler can take fans out of the moment in seconds.
“For households watching live sport, a few simple steps can make a real difference to the viewing experience. Streaming over a reliable Wi-Fi connection, avoiding large downloads during key matches and being mindful of how many devices are using bandwidth at the same time can all help reduce the risk of buffering or delays,” Bartlett said.
The research was based on a survey of 2,000 UK adults with home broadband. Unless otherwise stated, the figures refer to that group, with some results drawn from subgroups including football viewers and people planning to watch the tournament.
Hyperoptic said its network now passes more than 1.9 million homes and that it has more than 400,000 customers across 64 towns and cities in the UK. Its figures suggest that major live sports events can shift both the scale and timing of broadband demand as households stream, message and browse at the same time.
For broadband providers, that pattern matters because the pressure comes not only from viewers watching the same event simultaneously, but also from the cluster of digital activity around it. The survey findings suggest that the modern match experience at home includes streaming, social media use and messaging alongside the live broadcast.
With most tournament viewers planning to stay on the sofa for most matches, the home internet connection has become a bigger part of how audiences experience major football events. Around three in five football viewers said they had found out about a goal or key sporting moment before seeing it on their own screen.
Ethiack said the number of cyber vulnerabilities it identified across client IT environments rose 106% over the past year, increasing from 17,500 to more than 36,000.
The Portugal-based cybersecurity group said the rise came despite only a modest increase in the number of digital assets under monitoring. Vulnerabilities per monitored asset climbed from 0.9 to 1.7 over the same period, indicating a sharper rate of exposure across the systems it tested.
The figures add to broader evidence of a shift in how attackers gain entry to organisations. Verizon’s 2026 Data Breach Investigations Report found that exploited software vulnerabilities accounted for 31% of cyber breaches, up from 20% a year earlier, overtaking stolen passwords as the most common initial access route.
Ethiack said its platform tracked more than 190,000 digital assets during the year and now monitors more than 21,000 in-scope assets each month. Its client base grew 30% as the company expanded into the UK and Switzerland.
Threat speed
Ethiack linked the increase in discovered weaknesses to both improved detection and a faster-moving threat environment. Industry research it cited said the median time between a vulnerability being disclosed and being actively exploited has fallen from 771 days in 2018 to a matter of hours.
That shift has narrowed the time available for security teams to respond once flaws are discovered. In some cases, vulnerabilities are identified and attacked before public disclosure, leaving little room for patching or other defensive action.
Jorge Monteiro, Chief Executive Officer of Ethiack, described the pace of change as the main concern for defenders.
“The most important change we’ve seen over the past year isn’t the type of vulnerabilities attackers are exploiting. It’s the speed at which they’re finding and weaponising them.
For years, organisations could assume they had days, weeks or even months to identify and remediate vulnerabilities. That assumption no longer holds. Today, attackers can use AI to identify weaknesses, generate exploits and launch attacks in a matter of hours.
Perhaps most concerning is that AI can now help attackers reverse-engineer security patches themselves. Organisations may spend weeks developing and testing a fix, only for cybercriminals to analyse the patch and use it to identify the underlying vulnerability and attack it within minutes.
The mismatch between attacker speed and defender speed is growing. Periodic security assessments and annual penetration tests were designed for a different era. Organisations now need continuous monitoring of their attack surface and validation of any vulnerabilities to keep pace with the machine speed and scale of threats,” Monteiro said.
Company growth
The business added 13 employees and six ethical hackers over the year. Founded in Portugal in 2022 by André Baptista and Monteiro, it works with organisations across Europe, including ANA, Portugal’s national airport operator.
The increase in vulnerabilities identified does not necessarily mean every client environment became less secure in absolute terms, but it does point to a larger pool of weaknesses being uncovered as attack surfaces expand and tools improve. Modern corporate systems often span cloud services, third-party software, employee devices and internet-facing applications, increasing the number of possible entry points.
For security teams, the data adds to pressure to move faster on validation and remediation. If attackers can use AI to analyse newly issued patches and infer the flaws they address, the traditional gap between patch release and practical exploitation may continue to shrink.
That trend is becoming more significant as the volume of known software flaws rises each year. The challenge for organisations is not only discovering weaknesses, but also determining which are exploitable and urgent enough to prioritise before attackers act first.
Bicester is seeing a surge in demands thanks to a blend of premium retail at Bicester Village, strong rail connectivity, and easy access to Oxford and London.
New data from the digital rail ticketing platform TrainPal shows the destination experiencing sustained growth, as travellers increasingly look beyond traditional tourist hotspots.
READ MORE: Cherwell planning authority keeps control of 69 live major applications
It’s ranked among other locations, including Salford, at the top spot, Hatfield, St Albans, and London.
Destinations experiencing the strongest growth in rail demand, highlighting a growing appetite for places that combine strong transport links, cultural attractions, food scenes, outdoor experiences and value for money.
Alvaro Ungurean, European commercial director, said the trends show travellers prioritising destination that offer “memorable experiences, easy accessibility, and a strong sense of place.”
-
Crime & Safety4 weeks agoRyan Bridge speaks of London arrest after Oxford incident
-
Crime & Safety4 weeks agoNew video call system to help domestic abuse victims
-
Oxford News3 weeks agoOxfordshire families invited to free day of fun in Bicester
-
Oxford News4 weeks agoOxfordshire Lib Dems lose another councillor amid ‘serious concerns’
-
Crime & Safety3 weeks agoPhotos as 1979 Pontiac Firebird ‘bursts in flames’ at Tesco
-
Business & Technology3 weeks agoNew ‘high-quality’ mushroom business launched in Oxford
-
Business & Technology3 weeks agoNHS IT outages disrupt 274,620 patient interactions
-
Student Life3 weeks agoTransgender rights protest in central Oxford following updated EHRC guidance