The average cyber attack like a phishing scam or ransomware will cost the average UK business around £195,000 in damages and losses, with a greater impact to their business reputation.
With cyber attacks on the rise each year, the total losses estimated is at around £14.7 billion annually, and combined UK business costs reaching about £44 billion over the past five years.
Have you been affected by a cyber attack? Speak to JUMPSEC to see how we can assist on 0333 939 8080 or email us at [email protected]
What Is The Typical Cost of a Cyber Attack in The UK?
Here is a simple table showing how much a typical cyber attack costs UK businesses:
| Type of Cost | Typical Amount |
| Average cost per significant attack | £195,000 per business per year |
| Total annual UK cost (all businesses) | £14.7 billion |
| Combined cost over 5 years | £44 billion |
| Average revenue loss per attack | 1.9 % of revenue |
These figures show that even one successful breach can be very expensive for a business, and the aggregated cost across the UK economy is very large.
What UK Companies Have Faced Large Cyber Attacks In Recent Years?
In 2025, a major cyber attack on Jaguar Land Rover was estimated to have cost the UK economy about £1.9 billion after it severely disrupted production and supply chains.
Another high-profile incident in 2025 involved Marks & Spencer, which reported that its cyber attack would cost around £300 million due to lost sales, operational disruption, and remediation costs.
In 2024, a ransomware attack against a key NHS lab services provider, Synnovis, resulted in estimated costs of £32.7 million due to disrupted operations and emergency recovery.
Other British organisations, such as engineering firm Arup, suffered a £25 million loss from sophisticated social engineering fraud where fake credentials were used to transfer funds.
These examples show that both large corporations and critical service providers are being targeted, with costs ranging from tens of millions to billions.
What Are Typical Cyber Attacks That Businesses Face?
The most common cyber attacks faced by UK businesses include:
- Phishing and email compromise – this is where attackers trick employees into giving up credentials or clicking malicious links.
- Ransomware is a major threat – where malware locks up systems and demands payment, often leading to expensive downtime and data recovery costs.
- Data theft and breaches of customer information – this can result in regulatory fines and reputational damage.
- Smaller businesses – they also face business email compromise, fraud, denial-of-service attacks, and attacks exploiting weak passwords or outdated systems.
Why Does a Cyber Attack Cost So Much?
Cyber attacks cost so much because they affect multiple parts of a business because if systems are shut down or data is stolen, a business may lose sales and revenue directly, especially if customers cannot access services.
In ransomware cases, cyber attacks and hackers will demand ransom payments to release information or to resume business, which can run into tens or hundreds of thousands of pounds.
Businesses will then typically pay large sums for PR and communications to reassure customers and protect reputation after a breach. A crisis PR campaign can cost up to £20,000 per month or higher to support a large organisation during a cyber breach.
Companies frequently need to reorganise and upgrade their cybersecurity, including hiring outsourced cybersecurity consultants to analyse how the attack happened and to prevent it happening again.
Legal and regulatory costs can also be high, especially under the latest data protection laws, which may impose fines and costs for notifying customers.
All of these factors add up, making even a moderately disruptive attack expensive.
How Can You Limit the Cost of a Cyber Attack?
Limiting the cost of a cyber attack begins with prevention including:
- Regularly training staff to recognise phishing emails and suspicious activity reduces the chance of breaches.
- Backing up critical data frequently and securely can reduce recovery time after an attack.
- Maintaining up-to-date security software and systems makes it harder for attackers to exploit known vulnerabilities.
- Having an incident response plan means your business can respond quickly and minimise disruption if an attack occurs.
- Taking out cyber insurance can help cover some of the financial impact, though policies vary and may not cover all costs.
- Promptly reporting breaches to authorities and cooperating with investigations often helps reduce long-term costs too.
What Are the Cyber Security Defence Solutions You Can Use?
There are many defence solutions businesses can use to protect themselves:
Internal measures – Within an organisation, there are things that are quite basic that can be implemented including Firewalls, antivirus and anti-malware software that can block many common threats.
Additionally, have regular password changes and using multi-factor authentication (MFA) makes it harder for attackers to use stolen passwords. Some companies deploy zero trust networks that add a layer of security for anyone within the organisation to access any information.
Also, using encryption of sensitive data ensures that stolen information is useless without decryption keys.
There are a lot of basics that small and large businesses can do internally to prevent cyber attacks
External measures – Hiring an outsourced cybersecurity company can help you put more controls into place. Through solutions such as penetration testing, red teaming and blue teaming, it is possible to run simulated attacks to find any possible vulnerabilities and then add measures to close these gaps.
Network monitoring and intrusion detection systems alert administrators to unusual activity so breaches can be stopped early. Regular security audits and vulnerability testing help identify weak points before attackers find them.
All of these solutions, when combined, help businesses reduce the chances of an attack and lower the cost if one happens.
In summary, cyber attacks cost UK businesses billions of pounds each year, both in direct losses and broader economic impact. By understanding the threats, investing in prevention, and preparing effective responses, businesses can limit these costs and protect their operations.
