IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

Uk nighttime office cyberattack circuit map hidden losses art
#
Malware
#
Firewalls
#
Data Protection

UK cyber crime reports surge as true costs hidden

Fri, 16th Jan 2026
Author image
By Melania Watson, Interview Editor

Cyber crime reports filed by the UK public to Action Fraud rose 37 percent over the past five years, according to analysis by cyber security firm Bridewell, which said the figures understate the financial impact on larger organisations.

Bridewell said Action Fraud data showed reported incidents increased from 28,770 in 2021 to 39,504 in 2025. It said more than 161,000 cyber crimes were reported over the five-year period, spanning offences from hacking of personal computers and social media accounts to spyware and denial of service attacks.

Action Fraud acted as the national reporting centre for fraud and cyber crime. It served as a contact point for individuals and small to medium-sized businesses.

Bridewell said larger organisations generally report major incidents through the National Cyber Security Centre, which manages nationally significant cyber incidents. It said the financial losses linked to those incidents do not appear in Action Fraud reporting. It also said the NCSC is exempt from Freedom of Information requests, which limits public visibility of financial impacts.

Loss figures

The data showed a drop in reported losses alongside the rise in reported incidents. Bridewell said reported losses from cyber crimes totalled over £12.3 million in 2021 and fell to £6 million in 2025.

"In 2025, we have seen staggering losses from cyber crime. While it is encouraging to see that financial losses reported to Action Fraud have decreased, the reality at the enterprise level is much different. The losses reported by Action Fraud represent just a fraction of the overall impact of cyber crime in the UK, particularly when compared to the broader losses faced by large businesses," said Anthony Young, CEO, Bridewell.

The gap between consumer reporting and major incident response has grown as the NCSC has handled more nationally significant events. The NCSC said it handled 204 nationally significant cyber attacks between September 2024 and August 2025. That represented a 129 percent increase compared with the same period of the previous year.

Bridewell pointed to recent disclosures by large organisations that have put figures on business impacts after cyber incidents. Jaguar Land Rover reported it had made a loss of £485 million following a cyber attack that halted production. Bridewell also cited ransomware attacks in the retail sector. It said the attack on Marks & Spencer was estimated to have cost the company around £300 million. It said Coop estimated it lost £206 million in sales from a similar incident.

"These large-scale attacks often have far more severe consequences, including production disruptions, supply chain issues, and reputational damage that go well beyond the immediate financial loss," said Young.

Most common crimes

Bridewell said hacking of social media and email accounts represented the largest category affecting individuals and smaller businesses. It said over 25,000 incidents were reported in the first eight months of this year.

That category also drove the highest total losses in the Action Fraud dataset. Bridewell said that since 2021, over £12 million has been reported lost through hacking of social media and email accounts.

"Many personal social media accounts are targeted as an entry point into business networks. Attackers gain access to these personal accounts and, if the victim reuses these passwords for their work accounts, this can lead to compromises for the businesses they work for as well," said Young.

Bridewell also highlighted a sharp rise in reports related to computer viruses and malware over the past year. It said reported incidents rose 105 percent over that period. It said reported losses from that category rose 190 percent.

In 2025, over £2.7 million was reported lost to computer viruses and malware, according to the data cited by Bridewell.

Economic exposure

Bridewell said total reported financial losses filed by the public to Action Fraud over the past five years amounted to £34 million. It said that figure appeared low compared with business impacts reported after large-scale disruptions.

The firm said smaller incidents may go unreported. It also said larger incidents can enter official channels outside Action Fraud, which limits what public reporting shows about financial damage.

"What we've seen is that the true cost of cyber crime to the UK economy is much higher than the data from Action Fraud suggests. This year has seen an unprecedented number of incidents affecting enterprise-scale organisations, costing the affected business hundreds of millions. Businesses must take urgent steps to bolster their cyber security defences and prepare for the growing risk of large-scale cyber attacks," said Young.

Related stories
Arctic Wolf unveils Aurora managed endpoint tools for MSPs
Gartner warns misconfigured AI could halt G20 power
Okta warns of North Korean fraud in remote tech hiring
AI-fuelled romance scams surge with deepfake deception
BADIIS malware hijacks IIS servers for covert SEO fraud

Top stories

LummaStealer returns post-takedown with ClickFix ruse
Proofpoint buys Acuvity to secure AI agents at work
Consumers embrace AI as daily assistant & companion
Be.EV buys Mer UK EV chargers to join top 10 network
Okta unveils tools to detect & govern shadow AI risks