Why 43% of UK Businesses Got Hit — and Why the Basics Let Them Down
The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups · 2026-05-04 · 29 min
Episode notes
Imagine watching the house next door burn and nodding sympathetically about smoke alarms — then never changing the battery in your own. That image opens our episode as Noel Bradford sits with Mauven MacLeod, Lucy Harper and Graham Falkner to unpack the UK Cybersecurity Breaches Survey 2025–26. This isn’t clickbait panic; it’s a weather report built from 2,112 businesses and 1,085 charities. The headline is simple and ugly: awareness rose after a year of big breaches in the news, but the boring, decisive basics slipped backwards. The numbers feel like a betrayal: risk assessments fell from 48% to 41%, formal cybersecurity policies from 59% to 52%, and business continuity plans covering cyber plunged from 53% to 44% — nine points lost in a year. Those figures land harder when you remember that 43% of businesses still reported a breach or attack in the last 12 months. This is not rare misfortune; it’s roughly 612,000 organisations experiencing harm, often more than once — the median victim suffered three crimes in a year. What explains the gap between knowing and doing? The episode frames it as a human story of overload, inertia and the way daily firefighting crowds out preventative work.