The Cyber Security Breaches Survey is an annual research study aligning with the National Cyber Strategy. It helps to inform government policy on cyber security, with a focusing on businesses, charities and educational institutions. The focus of the survey includes policies, processes, cyber attacks and crimes organisations face, as well as the impact and response to such occurrences.

We’ve digested and summarised some of the key statistics from the 2023 publication.


  • 32% of businesses recall breaches or attacks in the past 12 months. Rising to 59% for medium businesses, and 69% for large.
  • 49% of businesses report seeking information or guidance on cyber security from outside their organisation.
  • Across all UK businesses, there were approximately 2.39 million instances of cyber crime.
  • The average annual cost of cyber crime for businesses is estimated at £15,300 per victim.
  • 57% of businesses have a rule or policy to not pay ransomware payments.
  • 66% of businesses who have identified breaches have reported taking action to prevent further incidents.

Cyber Hygiene

A concerning drop in cyber hygiene was reported, with use of password policies, network firewalls and restricting of admin rights all decreasing. The most common threats are unsophisticated, implementing these measures contribute greatly to cyber defence. They are also key factors of becoming Cyber Essentials certified.

  • Password policies – from 79% in 2021 to 70% in 2023
  • Network firewalls – from 78% in 2021 to 66% in 2023
  • Restricting admin rights – from 75% in 2021 to 67% in 2023

Cyber Accreditations & Guidance

  • Overall, just 14% of businesses are aware of the 10 Steps guidance and the Cyber Essentials Scheme. Figures do rise when focussing solely on medium and large businesses.
  • 9% of businesses adhere to the ISO 27001 standard, rising to 27% among large businesses.
  • Qualitative findings suggest the desire to seek external accreditation is in relation to client requests and new business opportunities. You can read more about the importance, and benefits of ISO 27001 here.

“Information Security is of ever-growing importance. Certifications such as ISO 27001 help to protect your business against risk. It’s highly likely that future business insurance premiums will be aligned with the level of IS controls implemented in an organisation”
– Stuart Oldham, CEO Clear Thinking Solutions

You can find the full Cyber Security Breaches Survey 2023 here.

Subscribe & share to spread the word on a range of topics covering Cyber Security, Risk & Compliance.

Clear Thinking partner with businesses to provide multi-layered cyber security solutions, including certifications, compliance, disaster recovery and more. Further details can be found here:

P: 0203 327 4560

Cyber Essentials certified
cyber essentials