UK Cybercrime Statistics 2023

Updated on 15 September 2023

Cyber Crime in a major problem for UK businesses of every size, whilst most of the major cyber security incidents we hear about are large businesses, this doesn't mean that they are the only businesses to be targeted. In reality, 81% of all UK Businesses who suffer from a cyber security attack are Small to Medium Sized Businesses. As your local cyber security experts we feel it is our role to help businesses understand the threats that they may be facing (see our news and educational articles) this why we provide you with the most current and up-to-date data on UK cyber crime statistics 2023. 


What is the cost of Cyber Crime in the UK?

In 2022 Cyber Crime cost UK Businesses on average £4,200, the total cost of cybercrime to the UK economy is estimated to be £27 billion per year, with businesses accounting for a significant proportion of this cost. Despite this, only 15% of UK businesses have a formal cybersecurity incident management plan in place, suggesting that many businesses are not adequately prepared for the threat of cyber crime.


One of the most common forms of cybercrime in the UK is fraud, with a total of £1.3 billion lost to fraud in the UK in 2020. This included a significant amount lost to online shopping fraud, with victims losing a total of £63.8 million in 2020. In addition to fraud, there were 2.3 million cases of computer misuse reported in the UK, over 1 million incidents of unauthorised access to personal information, and over 400,000 reported cases of fraud and computer misuse.


Cyber-attacks are a significant threat to businesses in the UK, with 46% of UK businesses reporting a cyber-attack in 2020. The average cost of a cyber-attack to a UK business was £9,270, and phishing scams were the most common type of cyber-attack in the UK, accounting for 44% of all incidents. Ransomware attacks in the UK increased by 70% in 2020, highlighting the growing threat of these types of attacks.


In 2021, the Cyber Security Breaches Survey by the UK government revealed that 39% of UK businesses had suffered a cyber-attack or security breach in the previous 12 months. This is an increase from the previous year’s survey (32%). The UK’s Fraud and Cyber Crime Reporting Centre, Action Fraud, reported that in 2020, victims of online shopping fraud lost a total of £63.8 million ($88.3 million USD). This represents a 37% increase from the previous year, with the average loss per victim being £720 ($995 USD).


Here, we provide you with the most current and up-to-date data on cybercrime stats for the year 2023.


Our statistics are based on the most recent information available as of 12th April 2023. We believe that staying informed about cybercrime is crucial in today’s digital world. Our goal is to provide you with accurate and reliable data that you can use to protect yourself and your organisation.

Cyber Crime Stats UK


In 2020, the UK saw nearly 700 cyber incidents per month on average, according to the NCSC.


39% of UK businesses reported cyber-attacks or security breaches in the past year.


Action Fraud received over 1 million reports of fraud and cybercrime in the UK in 2020


UK businesses lost £1.9 billion ($2.6 billion USD) to cybercrime in 2020.


75% of large organisations and 45% of small businesses in the UK experienced phishing, the most common cybercrime


In 2020, UK consumers lost £479 million ($662 million USD) to financial fraud, according to UK Finance


A data breach costs UK businesses an average of £2.93 million ($4 million USD)


Cybercrime costs the UK up to £4.6 billion ($6.3 billion USD) annually.


The NCSC prevented 1,800 attacks targeting the UK’s COVID-19 response in 2020.


According to the UK government’s Cyber Security Breaches Survey 2021, only 23% of UK businesses have a formal written cybersecurity policy or set of policies


In 2022 Cyber Crime cost UK Businesses an average of £4,200


81% of Cyber Attacks and Data Breaches happen to Small to Medium Sized Businesses

What is Cyber Crime?

Cybercrime refers to any criminal activity carried out using computers and the internet. With the rise of technology and the increasing reliance on digital communication, cybercrime has become a significant concern for individuals, businesses, and governments worldwide. Cybercrime can take many forms, including hacking, identity theft, phishing scams, and cyberbullying. Hacking involves gaining unauthorised access to computer systems, networks, or data and can be done for various malicious purposes. Phishing scams are designed to trick individuals into providing personal information through fraudulent emails or websites.


To stay protected, individuals and organisations should take preventive measures such as using strong passwords, keeping software up to date, and being cautious of suspicious emails or websites. Cybercrime is a growing threat that requires awareness and proactive action to mitigate its impact.

Global Cyber Crime Statistics

In late February 2020, the NCSC was evaluating a number of new takedown initiatives for the new financial year. The final decision on which initiatives would be implemented was made in March, just as the UK was entering thefirst lockdown. The NCSC noted the link between commodity cyber crime and subsequent fraud that may follow a breach of credentials or personal information through phishing or similar attacks. To do more to prevent this, they decided to see whether the Takedown service could lower the value proposition for other types of high-volume internet-enabled fraud.


 Let’s take a look at the newly targeted attacks by type between March and December 2020.

Attack Type

Number of Attacks


Number of Attack Groups


Median Availability


COVID-19 themed cybercrime




Fake shops




Fake celebrity endorsement scams




Remote Access Trojans (RATs)




Banking trojans




The term “median availability” typically refers to the amount of time that a particular service or system is available to users over a given period of time. The median availability is the middle value in a range of availability measurements taken over that period.

 From March 2020 to the end of the year, the NCSC dismantled 29,959 COVID-19 themed attack groups, which included 33,313 URLs. These attacks were classified by type and occurred between March and December 2020.


Advance fee fraud: 18,547 attacks


Malware attachment mail server: 4,930 attacks


Advance fee fraud mail server: 2,220 attacks


Phishing URL mail server: 1,742 attacks


Fake shop: 2,943 attacks


Malware infrastructure URL: 1,844 attacks


Phishing URL: 339 attacks


Malware distribution URL: 350 attacks


DKIM signed email domain: 133 attacks


Malware command and control centre: 127 attacks

What is a fake shop?

A fake shop is a type of online scam where fraudsters create a fake e-commerce website that appears to sell legitimate products. They often use high-quality images, descriptions, and prices to make the fake shop look real and attract unsuspecting shoppers. However, the products are either non-existent, counterfeit, or vastly different from what is advertised. The goal of the scam is to trick people into paying for products that they will never receive, allowing the scammers to profit from fraudulent transactions.


Fake online shop sites typically offer outlandish discounts on popular items to attract victims. They do not map to a real business and if a victim were to try to purchase an item, they would probably be charged for counterfeit goods or receive nothing at all. Between April 2020 and the end of the calendar year, the NCSC identified and took down 139,522 fake shops (222,353 URLs).

UK government-themed phishing

In 2020, the NCSC took down 11,286 UK government phishing campaigns, a total of 59,435 URLs. These attacks were hosted all over the world and the median availability of these attacks was 21 hours, with 52% taken down within 24 hours of discovery.

UK Cyber Crime Stats

  • Online shopping fraud cost victims £63.8 million.
  • 2.3 million cases of computer misuse were reported in the UK.
  • Over 1 million unauthorised access incidents to personal information were report
  • More than 400,000 cases of fraud and computer misuse were recorded.
  • 46% of UK businesses experienced a cyber-attack. The average cost of a cyber-attack to a UK business was £3,230.
  • Phishing scams were the most common type of cyber-attack in the UK, accounting for 44% of all incidents.
  • Ransomware attacks in the UK increased by 70%.
  • The UK was the second-most targeted country in the world for cyber-attacks, after the US.
  • Cybercrime cost UK businesses an estimated £21 billion per year.
  • The average cost of a cyber-attack to a UK business was £9,270.
  • UK residents received over 208 million scam emails. Over 69,000 cases of identity theft were reported in the UK.
  • 46% of UK consumers have been a victim of cybercrime.
  • 25% of UK consumers believe they will fall victim to cybercrime in the future.
  • UK cybercrime costs the economy an estimated £27 billion per year.
  • Only 15% of UK businesses have a formal cybersecurity incident management plan.
  • The COVID-19 pandemic led to a 31% increase in cyber-attacks targeting UK businesses.
  • UK businesses take an average of 38 days to identify a cyber-attack and 43 days to recover fully.

How much does Cyber Crime cost the UK & Economy?

According to a report by the UK government, cybercrime cost the country an estimated £14.8 billion in 2016-2017 alone. This cost includes the direct financial losses suffered by victims, as well as the indirect costs associated with the disruption of business operations, damage to reputation, and the expenses incurred in responding to cyber-attacks.


 In addition to the immediate financial costs, cybercrime can also have long-term impacts on the economy, such as reduced investor confidence, decreased competitiveness, and a loss of intellectual property. The costs of cybercrime are not limited to the UK, as it is a global issue that affects businesses and individuals worldwide.

Is Cyber Crime Increasing?

Yes, cybercrime is increasing. The UK’s National Cyber Security Centre (NCSC) reported a record number of cyber incidents in 2020, with almost 700 incidents reported per month on average. According to a UK government report, cybercrime cost the country an estimated £14.8 billion in 2016-2017. This cost includes victims’ direct financial losses as well as the indirect costs associated with business disruption, reputational damage, and expenses incurred in responding to cyber-attacks.


In addition to the immediate financial costs, cybercrime can have long-term economic consequences such as decreased investor confidence, decreased competitiveness, and intellectual property loss. Cybercrime is a global issue that affects businesses and individuals worldwide, so its costs are not limited to the United Kingdom.


One British business that suffered a significant cyber-attack was British Airways in 2018. The attack resulted in the theft of the personal and financial data of approximately 380,000 customers. The company detected the attack in September 2018, and after an investigation, it was revealed that the attackers gained access to the company’s payment page and inserted a malicious script, which diverted customers to a fraudulent website where their data was harvested.


The breach had severe consequences for British Airways, including a fine of £20 million from the UK’s Information Commissioner’s Office (ICO) for failing to protect the personal and financial data of its customers adequately. The fine was the largest ever handed out by the ICO, and it sent a clear message to businesses that the regulator would not tolerate negligence when it comes to cybersecurity.

How do you prevent Cyber Crime?

Preventing cybercrime involves taking proactive measures to protect yourself, your business, and your personal information from cyber threats. Here are some key steps individuals can take to prevent cybercrime:

Keep your software up to date.

Use strong passwords.

Be cautious of suspicious emails or websites.

Use antivirus software.

Practice safe browsing

Educate yourself and your employees.

Backup your data.

If you are a business owner who is concerned about cybersecurity, we offer decades of experience in IT to assist you.


Whether you are an individual looking to protect your personal information, or a business owner concerned about the security of your company’s data, our Latest 2023 Cyber Crime Statistics page has something for everyone. Don’t hesitate to reach out to us for guidance and support in protecting your business from cyber threats.


We gather the latest cybercrime statistics from various sources including the National Cyber Security Centre (NCSC), The Office of National Statistics (ONS), the FBI’s Internet Crime Complaint Centre (ICCC), Kaspersky and the National Crime Agency (NCA). These organisations provide valuable insights and analysis on the latest cybercrime trends, helping us stay informed and better equipped to protect your business against potential threats.

Claim your FREE cyber business assessment today

    Help Desk