Newly published research finds that each successful breach can hurt the balance sheet of companies to the tune of hundreds of thousands of pounds, with total nationwide impact of £14.7bn

New research published by the government suggests that the average cost of a significant cyberattack for businesses in the UK could be as high as £195,000.

When looked at on a national level, the annual cost to the UK economy could be £14.7bn or 0.5% of the UK’s gross domestic product (GDP) according to a government-commissioned report from KPMG.

The research was released as part of the government’s new cybersecurity bill, designed to bolster the UK’s resilience in the face of growing online threats from criminals and foreign states. 

“As the world becomes more complex and unpredictable, there are also a growing number of aggressors with the means, intent and capability to do the UK harm,” said the report. “The scale of the problem is undeniable.”

In 2024, the National Cyber Security Centre (NCSC) managed, on average, one significant cybercrime incident every two days. These are the incidents defined as having a serious impact on essential services, public safety, or economic stability.

Additionally, 43% of UK businesses reported experiencing a cybersecurity breach or attack, totalling over 600,000 organisations. 

Related content

• Cybercrime: One in every 1,000 CMA offences were charged in FY25
• Capita given penalty £14m over cyberattack despite urging ICO to apply non-fining public-sector approach
• Scottish Government unveils new cyber plan including threat early-warning system

“Historically, our understanding of the economic impact of cyberattacks has focused on immediate financial costs to affected organisations, such as businesses,” said the report. “This narrow focus risks underestimating the true cost of cyberattacks to the UK economy. To address this, the government funded independent research to better understand and quantify the wider economic impact of cyberattacks on the UK economy.”

According to a report from KPMG, a week-long systematic cyberattack on the UK’s rail network could cost the country up to £1.8bn. The hypothetical attack could result in a direct financial cost to Network Rail of £123m, a cost to passengers in delays of £281.3m and a potential impact on gross value added (GVA) of up to £1.397bn. The estimated GVA impact represents approximately 2.8 per cent of the UK’s total GDP per week and 0.05 per cent of its annual GDP.

Additionally, Alma Economics found that cyberattacks attempting theft of intellectual property and knowledge assets cost the UK up to £8.5bn in 2024 alone. Case studies considered in the report showed that in some cases, intellectual property theft could pose an existential threat to smaller businesses if it is used to develop rival products, enabling larger firms to compete more aggressively on price or leverage stronger marketing and post-sales support.

A version of this story originally appeared on PublicTechnology sister publication Holyrood