SHANNON WILLIAMS

News Editor

The UK Government has released the latest Cyber Security Breaches Survey for businesses and charities, highlighting the scale of cyber incidents affecting organisations across the country.

The annual study found that 43% of UK businesses experienced a cyber security breach or attack, compared with 28% of charities. The results form part of official tracking of how organisations manage digital risk and respond to incidents.

Cyber security advocates say the figures expose persistent structural weaknesses in the UK’s legal and governance framework, arguing that current law does not reflect how modern defenders work or how criminal groups operate.

A spokesperson for the CyberUp Campaign said the survey strengthens the case for reform of the Computer Misuse Act, which dates from 1990. The campaign is a coalition of cross-party parliamentarians, academics and industry groups focused on the legal environment for cyber professionals.

“Today’s findings should be a wake-up call. The UK cannot keep warning about the scale of the cyber threat while leaving legitimate cyber professionals constrained by laws written for a different age. Other countries have already moved to protect legitimate cybersecurity activity while keeping strong powers to prosecute criminals, but the UK is falling behind. Without a clear statutory defence, we risk holding back the people working to find vulnerabilities, gather threat intelligence and stop attacks before they cause harm. The Government has rightly recognised cyber resilience as a national priority through the Cyber Security and Resilience Bill and its wider work to strengthen the UK’s cyber defences. But that ambition will fall short unless ministers also modernise the Computer Misuse Act. Reform would strengthen our national resilience, support the UK’s cyber sector and ensure the law targets malicious actors, not those protecting the public,” said a spokesperson for the CyberUp Campaign.

The CyberUp coalition has called for a statutory defence to give legal certainty to penetration testers, threat intelligence analysts and other security specialists. It argues that the current rules risk deterring legitimate research and testing that could identify weaknesses before criminals exploit them.

The survey also examines governance and board oversight of cyber risk. It found that more boards now hold formal responsibility for cyber security, although direct engagement remains patchy.

Jay Kaplan, chief executive officer and co-founder of Synack, said the data points to a gap between stated board responsibility and practical oversight.

“This year’s Cyber Security Breaches Survey shows boards taking on more responsibility for cyber on paper while paying it less attention to it in practice. Board-level responsibility rose from 27% to 31%, which looks like progress on paper. But the share of medium-sized business boards receiving at least annual cyber updates dropped from 78% to 70%. This signals more accountability with less visibility.

“The fix requires speaking the board’s language. Vulnerability management needs to be a corporate goal, not just a security team metric. Frame a breach in terms the board understands: what does it cost the business for every hour critical systems are offline? That calculation changes how leadership prioritises investment far more than any compliance report will. And once a year isn’t enough in a threat landscape that moves in hours. Boards need a continuous read on what’s actually exploitable, what it would cost the business to lose, and what’s been validated against real attack conditions,” said Kaplan.

A total of 47 per cent of business owners revealed they are most concerned about online fraud and cybercrime.

Meanwhile, 39 per cent of respondents also claimed they were concerned about damage to property.

READ MORE: Crowds of 18,500 people celebrate May Morning in Oxford

Pablo Lounge in Abingdon closed last year after being deemed commercially nonviable (Image: Andy Ffrench)

35.3 per cent of business owners also revealed they were worried about anti-social behaviour impacting their businesses.

Tool theft was also a concern, with 31.7 per cent of businesses answering it as a concern.

Meanwhile, only 17 per cent of owners answered shoplifting as a concern, 19 per cent answered in person fraud, and 19 per cent of fraud.

Respondents also answered what is holding their business back, with 48 per cent of businesses stating that finding staff with the right skills is a concern.

34 per cent of businesses also stated energy costs as a limit on their business.

Meanwhile, only 10 per cent of respondents claimed a fear of crime was holding their business back.

Matthew Barber (Image: Contributed)

Planning applications, local regulations, availability of property, parking, public transport, and lack of demand were also identified as a limit to local businesses.

The survey conducted by police and crime commissioner for Thames Valley, Matthew Barber, has revealed the crimes business owners are most concerned about.

The survey also asked businesses what type of business they are, how many employees they have, what taxes affect their business the most, and what is holding their business back.

Businesses identified corporation tax, national insurance, and VAT as the taxes affecting them most.

Retail businesses, hospitality services, professional services, IT businesses, agriculture businesses, and arts and entertainment services were all part of the survey.

The man – who lives in St Clement’s and did not wish to be named – has said that Royal Mail has been putting his post under a communal door despite him repeatedly asking the company not to.

He lives in a six-flat building and explained that previously the postal worker would gain access to the building by ringing the outside doorbells and then would post the letters into each individual flat.

READ MORE: Driver in the rough after police chase through Oxfordshire golf course

However, over at least the past month he said that this has not been happening and the man claims this is a “safety and security risk”.

“The postman is just chucking them under the door,” he said, adding that there could be anything in the letters including bank cards.

The Oxford man has complained his post is not secure (Image: Contributed)

He said: “Anybody could go through it.

“Anyone who knows anything about the door could through at any time or they could even get a stick and get the letters through to them.”

READ MORE: Bake Off star appears at water event with Channel 4 campaigners

The man said he had repeatedly complained to Royal Mail about it but the issue has persisted.

The company has since promised to look into the complaint.

A Royal Mail spokesperson said: “We will look into this with the local delivery team, as while there can be occasions where access to a building isn’t possible and items may be left in a communal area, our aim is always to deliver mail as securely as we can.”