Major UK retailers, including Marks & Spencer and Harrods, have suffered severe cyber attacks in recent weeks.
The cliché gloom of “rainy old London town” has rarely felt more literal—or more symbolic—or maybe it’s more digital—than in the wake of recent cyberattacks on UK retailers. As shoppers braved the drizzle outside Harrods and M&S, attackers found their way inside digital storefronts, exposing systemic vulnerabilities. A recent blog from Crowe UK, an audit, tax, and advisory firm with international reach, offers a critical analysis of the 2025 Cyber Security Breaches Survey. The Department for Science, Innovation and Technology’s cybersecurity report shows a slight decline in reported cyber attacks. Still, 43% of businesses and 30% of charities experienced cyber breaches this year.
Crowe UK warns this drop reflects fewer small firms identifying breaches—not a reduction in actual threats. Educational institutions face the highest risks. Universities reported a 91% breach rate, followed by 85% of colleges and 60% of secondary schools. Of note, this is something we’ve reported on extensively.
Phishing Remains Leading UK Cyber Threat
- Crowe UK attributes this to AI-generated attacks.
- Phishing caused 85% of business and 86% of charity breaches.
- Impersonation and other social engineering tactics remain widespread.
Ransomware, while less common, causes greater damage.
Larger firms face the biggest losses. Marks & Spencer’s April attack may cost £300 million, with disruptions likely into July.
Despite some progress, resilience gaps persist.
Crowe UK notes improvements in risk assessments and insurance uptake. Yet, advanced protections like two-factor authentication remain rare.
Only 19% of businesses offer staff cyber training. Even fewer assess supplier cybersecurity practices, with just 14% of companies and 9% of charities doing so. Board-level oversight is also in decline. Just 27% of firms now have a board member responsible for cybersecurity, down from 38% in 2021.
Crowe UK urges renewed focus and leadership.
Persistent threats demand strategic investment and executive-level commitment; “UK organisations need to strengthen to better protect themselves from attacks and respond more effectively.”
Related News: M&S Hack Shows Major Retail Cybersecurity Weakness