UK.gov launches cyber 'lockdown' campaign as 80% of orgs hit

The UK government has launched a new cybersecurity campaign urging businesses to "lock the door" on cybercriminals, as fresh data reveals that the vast majority of organizations remain vulnerable to digital attacks.

According to the government's latest Cyber Security Longitudinal Survey, a multi-year study tracking organizational security practices, 82 percent of businesses and 77 percent of charities in the UK reported experiencing some form of cyber incident over the past year. This reinforces the troubling reality that cybersecurity breaches are now routine rather than exceptional events.

The survey data paints a concerning picture of persistent vulnerabilities. Risk profiles appear to be "sticky," with 54 percent of organizations reporting similar incident experiences or impacts across multiple surveys. This suggests the security gap between well-protected organizations and those lagging behind isn't closing quickly, despite years of warnings and guidance.

Perhaps most alarming is the continued low adoption of Cyber Essentials, the government's flagship baseline security standard. While adherence has increased, only 30 percent of businesses and 28 percent of charities have implemented the scheme. This means roughly seven in ten larger organizations still aren't following what ministers describe as the digital equivalent of locking the front door.

Cybersecurity minister Baroness Lloyd emphasized that no organization is too small to be targeted. "No business is out of reach from cybercriminals," she stated. "SMEs play a vital role in our economy, and business owners work incredibly hard to build something valuable, but too many still assume cybercriminals only go after big brands. The reality is that criminals look for easy opportunities, and without basic protections in place, any business of any size can become a target."

The new campaign will run across multiple channels including social media, podcasts, radio, and business networks, specifically targeting small and medium-sized enterprises. The messaging focuses on practical steps that many attacks still exploit, such as patching software and tightening access controls.

To encourage adoption, the government is offering several free resources:

• An online readiness check to assess current security posture
• Free 30-minute consultations with NCSC-assured advisors
• A preview of the Cyber Essentials certification question set

The survey accompanying the campaign reveals gradual improvement in some areas but persistent unevenness across the board. Governance practices, security planning, and cyber insurance coverage vary widely depending on the organization's size and sector. Cost pressures and competing business priorities continue to be cited as barriers to implementing stronger security measures, even as threats continue to evolve and multiply.

This latest push comes amid a series of high-profile breaches affecting UK government departments and agencies. Recent incidents include the Ministry of Justice's £50 million security spending that failed to prevent a Legal Aid Agency cyberattack, and months-long recovery efforts by London boroughs following major breaches.

The government's data suggests that while awareness of cybersecurity threats has increased, translating that awareness into action remains a significant challenge. With 82 percent of businesses reporting incidents and 70 percent still not adopting basic security standards, the message is clear: many organizations have yet to find the keys to their own digital security, let alone lock the door against increasingly sophisticated cybercriminals.

As the campaign rolls out, the government faces the ongoing challenge of convincing organizations that cybersecurity isn't just an IT issue but a fundamental business requirement in an increasingly digital economy.