Over 300 UK Firms Hit by Ransomware in a Year

UK organizations suffered more than 26 successful ransomware attacks each month last year, with SMEs hit hardest, according to new data from Report Fraud.

The UK’s cybercrime and fraud reporting service was contacted by 323 corporate ransomware victims between April 2025 and March 2026, according to City of London Police. Over 50% of reports were from small and mid-sized companies.

Financial losses associated with these incidents increased 50% annually to around £270,000 ($357,000), although the police force admitted this was likely an underestimate given many businesses do not fully disclose the figure.

Not all victims confirmed their vertical, but of those that did, the manufacturing industry accounted for most reports (42), followed by the scientific and technical sector (21) and education (19).

Chief superintendent Amanda Wolf, head of Report Fraud operations, explained that preparation is the best form of defense for firms.

“We encourage businesses to be proactive – through regular data backups, strong access controls, keeping systems up to date, and following National Cyber Security Centre guidance,” she added. “These can all significantly reduce the risk and impact of an attack.”

Last year was a particularly bad one for UK firms, with big-name breaches at Marks & Spencer, Co-op Group and Jaguar Land Rover costing the national economy billions. This week, Russian hackers were blamed for the Jaguar Land Rover breach, with experts arguing that the attack may have been designed with sabotage rather than financial motives in mind.

Reporting Remains Patchy

Security experts believe the real figure for ransomware breaches last year is most likely even higher.

Talion CEO, Kevin Knight, urged corporate victims not to pay their extorters.

“Attackers will rarely return data in full, and it can often be returned in a format that completely differs from its original form. This means organizations still have a lot of work to decrypt the data, understand what is missing and rebuild systems. This is a massive job and it’s rarely something that can be done quickly,” he explained.

“Furthermore, decryption keys don’t always work, which means organizations can pay a demand, but they still can’t rebuild their data.”

Knight echoed Report Fraud’s Wolf in urging organizations to focus on preventative security in order to minimize risk exposure.

The UK is still mulling plans for mandatory ransomware reporting and a ban on payments from public sector bodies and critical infrastructure (CNI) providers. In the meantime, the true extent of criminal activity will remain hidden, argued Closed Door principal Cyber Essentials assessor, Timon Johnson.

“Ultimately resilience and prevention are the solution to these problems: ransomware can be damaging, but it’s no longer an existential problem when companies adopt proper practices, like maintaining regular and thorough backups, implementing proper access controls, keeping data in cold-storage, and so on,” Knight added.

“A legal framework which incentivized accurate and open reporting around ransomware might help to highlight the seriousness of the problem and encourage more organizations to prioritize prevention, but until then we’ll continue to see reticence and omission.”
