UK organizations suffered 323 confirmed ransomware attacks between April 2025 and March 2026, according to data from Report Fraud and the City of London Police. Small and mid-sized enterprises bore the brunt of the assault, representing over 50% of reported incidents. The average financial loss per attack climbed 50% annually to around £270,000 ($357,000), though authorities acknowledge this figure likely understates the true cost as many businesses withhold complete financial disclosures.
Manufacturing emerged as the hardest-hit sector with 42 reported attacks, followed by scientific and technical services with 21 incidents and education with 19. The data reflects only organizations that voluntarily disclosed their industry vertical to authorities. High-profile breaches at Marks & Spencer, Co-op Group, and Jaguar Land Rover during the period cost the UK economy billions, with Russian threat actors blamed for the automotive manufacturer attack, which experts suggest may have prioritized sabotage over financial gain.
Security professionals warn the actual attack volume exceeds reported figures due to persistent underreporting. Chief Superintendent Amanda Wolf of Report Fraud operations stressed that preparation remains the most effective defense, recommending regular data backups, robust access controls, current system patches, and adherence to National Cyber Security Centre guidance. These measures can substantially reduce both attack likelihood and impact severity.
Experts strongly advise against paying ransom demands. Talion CEO Kevin Knight explained that attackers rarely return complete datasets, often delivering data in altered formats that require extensive decryption and reconstruction work. Decryption keys frequently malfunction, leaving organizations unable to recover their systems despite payment. The recovery process typically proves time-consuming and resource-intensive even when keys function properly.
The UK government continues deliberating mandatory ransomware reporting requirements and potential payment bans for public sector entities and critical infrastructure providers. Until such regulations take effect, the true scale of ransomware activity will remain obscured. Security assessors argue that resilience and prevention through proper backup practices, access controls, and cold storage implementation transform ransomware from an existential threat into a manageable incident. A legal framework incentivizing transparent reporting could highlight the problem's severity and drive organizations toward prioritizing preventative security measures.
Source: https://www.infosecurity-magazine.com/news/over-300-uk-firms-hit-ransomware/


