Apr 9th 2026

Article by PolicyBee
Cybercrime is a big problem for the UK. In 2025, it cost the UK economy an estimated £14.7 billion.
One of the most high-profile and impactful areas of cybercrime is data breaches. You know those stories where a company is hacked and their data is either held ransom, leaked to the world, or sold? That’s a data breach.
At worst, the average cost of a data breach for businesses can be devastating. At best, they’re an expensive nuisance that forces you to stay on your toes.
Large and medium businesses are targeted the most. Their data is the most valuable for cybercriminals, but also difficult to get.
Why? Well, they have more budget to spend on cybersecurity and experts. So, they can set up tough defences around their data.
These criminals will go after smaller businesses too. The rewards are smaller but the data’s easier for them to get their hands on.
The government’s latest Cyber Security Breaches Survey reveals that 43% of all UK businesses experienced some form of cybersecurity breach in the last 12 months. For large businesses, this rises to 74%.
That’s over a third of all UK businesses and nearly three-quarters of bigger organisations. Not forgetting many smaller businesses have no way of detecting cyber-attacks. So there are potentially thousands of attacks going unrecorded.
The continuing evolution and ease of access to AI in 2025 is also having an impact on the world of cybercrime. The NCSC has highlighted the importance of properly protecting your business, as cybercriminals begin to utilise AI to improve the speed and impact of cyber-attacks.
But just what is the average cost of a data breach for UK businesses? And what sort of impact can data breaches have on businesses?
It’s difficult to put a firm number on the cost of a data breach in the UK. It depends on the size of your company, how much data you store, what your business does, and much more.
There are a few ways we can measure it, though.
First, we can look at the average cost of a data breach around the world. According to technology giant IBM, which looked at data from 16 different countries and regions, it was $4.4 million in 2025.
It’s worth mentioning that this stat doesn’t include very small or very large breaches. For huge companies that have vast amounts of data, a breach will cost them a lot more.
Likewise for small businesses, the cost will be a lot lower as they store much less data.
So, let’s look at it another way.
In 2025, the average cost of cybercrime to a UK business was around £990. Looks a lot lower than $4.4 million, doesn’t it? Well, this stat includes forms of cybercrime which will be much cheaper to sort out. Especially those that don’t involve stolen data.
This stat also takes into account very small businesses, which IBM didn’t do in their study. Thousands of small businesses are affected by cybercrime every year. But naturally, their clean-up costs are a lot lower.
When you consider that small businesses make up 99.18% of our business population in the UK, it makes sense that including them would drive down the average cost.
Regardless, this amount of money can cause real problems for small and micro-businesses. But there are other, less measurable issues that they might have to face…
We won’t mince words. A successful data breach of a small business can cause chaos.
Why? Well, it comes down to investment in cybersecurity. A small business doesn’t have as much budget to spend on defending themselves from cybercriminals.
They also don’t have as much access to experts who can monitor and log attacks.
A report by Hiscox in 2018 estimated that UK small businesses were targeted with 65,000 cyber-attacks per day. And that over 4,500 of those attacks were successful.
This means that a small business was successfully breached every 19 seconds.
Other global and UK-based data we’ve highlighted in this blog shows us that post-pandemic, it’s highly likely that this number of attacks will have risen. Especially with the increasing use of AI in cybercrime.
What does being breached actually mean for a small business? Hiscox found it costs them about £25,700 in clean-up costs, on average. This includes restoring systems, paying ransoms, replacing hardware, and investing in better security after they’ve been breached.
The second big hurdle they have to face is less measurable. Business interruption, damage to their reputation, difficulty getting customers in the future. These problems are far more likely to lead to a small business closing after a data breach.
In 2024, Hiscox found that 43% of businesses lost customers after a cyber-attack. And 38% reported experiencing bad publicity.
With challenges like these in mind, it’s easy to see how a small business could struggle to keep its doors open. Especially if they were faced with a particularly damaging data breach.
There are many different kinds of data breaches. Some of which are complex and nuanced, while others are about as subtle as throwing a brick through a window.
The main ones you need to watch out for involve exploiting human error. In 2023, Stanford University research found that around 88% of all data breaches are caused by human error.
That’s why training your staff is so important. So they can avoid the tricks and tactics that cybercriminals love to use.
These include phishing emails, where a fake email is used to gain access to a system. Or ransomware, where someone inadvertently installs malware on your network, allowing a cybercriminal to hold your data hostage in exchange for a ransom payment.
Outside of human error, there are physical breaches. A criminal might steal an employee’s laptop or phone, or break into your office and rip a hard drive out of a computer.
These are just a few examples of data breaches. In reality, there are dozens of techniques that cybercriminals use.
The most important thing is that you have some kind of cybersecurity in place. It’s all about prevention.
You’ve probably heard a lot of talk about UK GDPR over the last few years.
It stands for UK General Data Protection Regulation. It’s a set of rules that makes sure personal data is used responsibly by businesses.
You’ll often hear about it when companies are fined for failing to follow the rules. Usually in connection to a data breach.
When a company is breached, it might be found that it didn’t protect its data properly. This is a big no-no when it comes to UK GDPR.
So much so that they can be investigated by the regulator (the Information Commissioner’s Office) and fined up to £17.5 million, or 4% of their annual global turnover. Whichever is greater.
Smaller businesses probably wouldn’t see a fine anywhere near this level. But they can still be fined thousands of pounds.
Don’t want to be on the receiving end of a data breach? We don’t blame you. Because the average cost of a data breach for small businesses in the UK can be crippling.
The best way to stop them is by prevention. Investing whatever budget you can afford into cybersecurity will make a huge difference. The National Cyber Security Centre (NCSC) is a great resource for actionable advice.
Following their advice can help you mitigate the chances of being hit by a cyber-attack. And make it way harder for cybercriminals to sneak in and cause havoc, if they choose you as a target.
Chances are, though, that you will be breached at some point. Being prepared for it can help you get ahead of the problems you’ll face.
Cyber insurance is a great way to do this. It’ll pay your recovery costs. Help you manage any PR difficulties you might face. And bring the average cost of a data breach right down.
Some policies even offer online cybersecurity training for your staff. So you can avoid common pitfalls that can lead to data breaches.
You can also add on extra cover for social engineering and financial cybercrime – two of the most common forms of cybercrime. Or patch on some help if your business isn’t able to trade due to a cyber-attack.
Mar 30th 2026

Article by PolicyBee
Cyber insurance (or cyber liability insurance as it’s also known) helps protect organisations from the damaging repercussions and financial fallout of cyber-attacks, cybercrime, and data breaches.
It helps stop attacks, fixes systems, compensates for financial losses, and deals with legal and regulatory issues.
That’s the simple version at least. But to understand what cyber insurance is and does, you first have to understand the threat. And that’s not always easy in view of the complex and constantly shifting landscape that cybercrime occupies.
What it’s important to know, however, is that digital risks and cybercrime aren’t going away anytime soon. With our collective reliance on tech, they’re only increasing and there’s no magic ‘delete’ button we can press to make them disappear.
That makes it vital to understand what the cyber threat is and what it means for your business. Also, what you can do to prepare your business for a cyber incident and help it survive the aftermath. Because the fallout can be devastating.
Any sort of digital crisis has the potential to unleash chaos, whether that be a hacker infiltrating your systems or a staff member falling for a fake email. Money or data can go AWOL, and your network can be crippled, bringing business to a halt.
Cybersecurity is a global problem. But closer to home, the government’s 2025 Cyber security breaches survey states almost half of UK businesses (43%) and three in ten charities (30%) reported breaches.
Furthermore, 20% of businesses and 14% of charities said they were victims of cybercrime. The larger the business, the more likely they were to fall victim. 52% of those who were targets of cybercrime were large businesses, and 42% were medium businesses.
The point is, no matter what your type of business, we’re pretty much all dependent on tech these days – from email to websites to VPNs (virtual private networks). In fact, with hybrid working now the norm and so many people connecting to remote networks from elsewhere, we’re more reliant on it than ever.
And that makes us sitting ducks for cybercriminals. It also means any kind of digital outage presents a real problem. Because if the tech doesn’t work, nor do we.
At the top of the cybercrime league table comes social engineering. It translates as people being innocently manipulated into revealing valuable information or doing something they don’t realise will be harmful. The result is hackers get access to data, information, networks and even money.
Phishing is the most common type of social engineering. Of all businesses that experienced a cyber breach or attack, 85% of them said phishing was the most common and disruptive type.
Phishing emails appear to be legit and to come from a trusted source. But they’re a guise for persuading individuals to reveal sensitive information cybercriminals can use for fraud. Or to trick them into clicking on malicious links.
A more sophisticated type of phishing, called spearphishing, targets individuals. This type of attack might take the form of a fake email apparently from a regular supplier, asking an employee to pay an invoice using new account details. Cue money going straight into the hands of cybercriminals.
Another more recent and emerging threat is the use of AI. While it can do our businesses a great deal of good, it can also do it harm if not used carefully. It’s important not to share sensitive information with AI tools. And keep your wits about you – AI is making it easier for cybercriminals to impersonate others too.
Ransomware is one of the big boys of the cyber-attack world and packs a hefty punch. Cybercriminals exploit IT security weaknesses or use social engineering techniques to infect a company’s network with malicious software.
Once the ransomware is in the system, it works quickly to encrypt data and lock it down. A message usually appears, telling hapless users that if they ever want to see their data again, they’ll have to pay a ransom – often in cryptocurrency.
Some pay up, some don’t. Some see their data again, others don’t – even those who’ve paid the ransom. Cybercriminals aren’t really known for their honourable intentions. And such is the scale of the problem, in 2020 the US made paying cyber-attack ransoms illegal.
Cybercriminals employ other damaging types of malware too. Much of it ends up on computers after users unwittingly click on bad links. Although, frighteningly, what are known as ‘drive-by attacks’ can happen if you’re simply unlucky enough to visit an infected website. No clicking required.
Malware can also come in the shape of keyloggers or spyware, which allow cybercriminals to record the keystrokes users make – including password entries. Plus, there are worms and viruses, and a whole lot of other sneaky tricks cybercriminals use to exploit other people’s computers.
The end result of any kind of cyber-attack is broadly the same. A network is compromised (maybe for days), and your business loses money – either because there’s a ransom to be paid, or systems and websites are down and trade grinds to a halt. Customers, meanwhile, go elsewhere.
A cyber-attack may also mean a data breach and the loss of sensitive data like customers’ personal or payment details. And that can put you in trouble not only with your customers, but with the regulator, which in the UK is the Information Commissioner’s Office (ICO).
The ICO’s Data security incidents trends dashboard displays a running tally of UK data breaches and makes for some scary reading. It shows an average of 12,195 data breach incidents reported to it in 2024 – with 10,054 of them resulting in an investigation or informal action being taken.
All of which can be very costly for businesses. Not only in terms of fines, which can be up to £17.5 million or 4% of turnover, whichever is greater. But also, in terms of damage to your reputation.
Given the clear and present danger cybercrime poses, it seems the best course of action is to do like the Boy Scouts do and be prepared. Because relying on the bloke down the road ‘who knows a bit about computers’ when your network’s crippled by malware won’t really cut it.
Where cyber insurance has the advantage is that it provides you with a whole team of experts. That means technical experts to recover your systems after an attack. Legal experts to deal with the regulator and any claims against you for loss of personal data. And crisis PR experts to manage your reputation.
Plus, it does it all quickly. Most cyber insurance companies have a 24/7 response line you can ring for immediate help. That’s important, because the longer an incident goes on, the greater the damage – on several fronts. It makes getting back on your feet again as soon as possible vital.
It also pays your legal costs and any compensation you owe if you’re sued for losing people’s personal data.
You might also be worried about social engineering and financial cybercrime. You’re right to be, they’re two of the most common forms of cybercrime. The good news is, you can easily add extra cover on for these. As well as for business interruption, which pays out every day that your business can’t trade due to a cyber-attack.
Cybercrime is no longer a futuristic concept, it’s very much the here and now. And as the opportunities for it grow in line with our ever-heavier reliance on tech, the problems it causes are only going to multiply.
Let’s face it, when would-be hackers can go on the dark web and buy ready-made malware packages for just a few quid, it doesn’t bode well.
The fact is, cybercriminals are smart. They’ve got the know-how at their fingertips and they’re constantly probing for vulnerabilities in our security set-ups. Put that together with the fact your average tech-user isn’t quite so cyber-savvy, and you have a recipe for a pretty uneven fight.
Where cyber insurance can help is by putting the battle on a more even footing. It may not be able to prevent a cyber-attack, but it can give your business the tools it needs to deal with one quickly and survive. And survival of the fittest, after all, is what being in business is all about.
Mar 23rd 2026

Article by Husky
Hiring your first employee feels like a big win.
It means your idea is working. Revenue is coming in. You are building something real.
You register for PAYE. You sort payroll. You issue a contract. Everything feels under control.
Then a letter arrives from The Pensions Regulator.
Suddenly you realise that becoming an employer also means taking on workplace pension duties.
In the UK, every employer must follow auto enrolment rules. It does not matter if you have one employee or fifty. If someone meets the age and earnings thresholds, you must:
It sounds simple. In reality, this is where many first-time founders get caught out.
Most people assume payroll software handles everything. It does not. Pensions still require active oversight. Missed assessments or incorrect contributions can quickly turn into compliance issues.
The good news is this. When it is set up properly from day one, workplace pensions do not need to be stressful. They become something that runs quietly in the background.
If you have just hired your first employee, registered for PAYE, or received a letter from The Pensions Regulator, it is worth checking that everything is set up correctly.
👉 MYCO clients can learn more about how Husky supports workplace pensions here:
https://huskyfinance.com/husky-myco/
We make sure your workplace pension duties are covered so you can focus on growing your business.