More than a quarter of UK businesses have suffered a cyber-attack in the past year, according to new research by the Royal Institution of Chartered Surveyors (RICS), raising serious concerns about how well-prepared companies are to defend themselves in an increasingly digital economy.
The RICS report, based on a survey of firms across sectors including property, finance and construction, found that 26% of respondents had experienced a cyber incident within the past twelve months. Many of the breaches involved data theft, ransomware or phishing attacks—often carried out by sophisticated international criminal networks.
Despite the growing threat, the report warns that a significant proportion of UK businesses remain worryingly complacent. RICS described the current state of preparedness as “sleepwalking”, noting that many organisations lacked basic cyber hygiene, such as regular software updates, staff training or formal incident response plans.
The construction and property sectors were singled out as particularly vulnerable, due in part to their reliance on legacy systems, dispersed workforces, and complex supply chains. However, the report suggests the issue is widespread, with medium-sized enterprises most frequently affected—too large to fly under the radar, but often without the resources to invest heavily in cyber security infrastructure.
Paul Bagust, head of property standards at RICS, said: “The findings are a wake-up call. Many businesses assume they won’t be targeted, but cyber-attacks are becoming more opportunistic and indiscriminate. Firms of all sizes and across all sectors need to take cyber resilience seriously.”
The consequences of cyber incidents can be significant. Beyond the immediate disruption to operations, firms may suffer reputational damage, legal liabilities, and long-term financial losses. In some cases, breaches have led to sensitive client data being leaked or stolen, triggering regulatory investigations and hefty fines.
Experts have also warned that the rise of hybrid working models—accelerated by the pandemic—has increased exposure to cyber risks. With more employees accessing systems remotely, and often from personal devices or unsecured networks, the threat surface has expanded rapidly.
Government figures released earlier this year supported the RICS findings, showing that 32% of UK businesses reported cyber breaches or attacks in 2024. However, only 14% said they had conducted a cyber risk assessment in the previous year, and just 18% had any form of cyber insurance.
The RICS report calls for urgent action, recommending that firms carry out regular audits, embed cyber training into company culture, and engage with external experts to stress-test their defences. It also urges greater collaboration across industries to share best practice and respond quickly to emerging threats.
While many large corporations have invested heavily in cyber resilience in recent years, the gap between well-prepared firms and those lagging behind appears to be widening. Without more consistent safeguards and leadership, analysts warn that the UK economy risks systemic vulnerabilities as digital dependency deepens.
REFH – newshub finance
Recent Comments