The latest annual data breach survey from the UK government reveals a troubling rise in ransomware attacks, with one percent of organizations reporting such incidents, affecting an estimated nineteen thousand entities. This is a significant increase from less than half a percent the previous year. The survey highlights that seven percent of businesses that experienced cybercrime were victims of ransomware, compared to under half a percent for charities. Furthermore, responsibility for cybersecurity at the board level has declined, with only twenty-seven percent of businesses having a cyber specialist on their board, down from thirty-eight percent four years ago. The survey also notes that while ransomware incidents have surged, the overall rate of cybercrime has remained stable, with twenty percent of businesses reporting cyber incidents in the past year.
Nation-state actors are increasingly targeting small and medium-sized businesses, or SMBs, as they often lack robust cybersecurity measures and may not recognize their critical role in the supply chain. Eric Chien, a cybersecurity fellow at Broadcom’s Symantec Threat Hunter team, emphasizes that the majority of organizations affected by nation-state attacks are in the private sector, particularly in the middle market. In 2024, 70 percent of security incidents involving small businesses included ransomware, with the overall cost of such attacks rising despite a decline in their frequency, according to cybersecurity firm Sophos.
Why do we care?
Sophos’ finding that 70% of small business incidents involve ransomware, even as attack frequency falls, signals better targeting, not less activity. The cost per incident is climbing, which puts the emphasis on recovery, resilience, and outcome-based security services, not just preventive controls.
Providers should double down on practical resilience services — backup integrity testing, disaster recovery orchestration, MFA enforcement, and ransomware tabletop simulations — especially for SMBs that lack strategic cyber planning. This is less about chasing the latest threats, and more about closing long-standing gaps that attackers are clearly exploiting with precision.

