Government publishes independent study revealing cost of cyber attacks to UK economy

On Wednesday 12 November, the Department for Science, Innovation and Technology (DSIT) published independent research examining the economic impact of cyber-attacks in the UK. The research is comprised of five reports conducted by KPMG, Alma Economics, and Frontier Economics.

The study includes five research papers analysing the following areas: sector-specific costs, intellectual property and knowledge asset theft, fraud resulting from data breaches, consumer impact, and disruptions to rail networks.

Core findings:

• Average cost of a significant cyber-attack (defined as a successful attack costing at least £500) for an individual UK business, across all firm sizes and sectors: approximately £195,000.
• Estimated annual UK cost of significant cyber-attacks: £14.7 billion, equivalent to around 0.5% of the UK’s GDP.
• Intellectual property and knowledge asset theft from cyber-attacks is estimated to cost the UK between £1 billion and £8.5 billion in 2024, equivalent to 0.04% and 0.30% of GPD per year.

Summary of research papers

1. Sector specific costings

KPMG’s analysis of the cost of cyber-attacks on individual businesses is broken down by sector and business size. The study considered two key variables: the average cost of a cyber-attack and the likelihood of experiencing one. The findings are based on potential outcomes and are intended to provide indicative estimates rather than precise figures.

Sectors incurring the highest average costs include information services, management, entertainment, manufacturing, and financial services, each losing more than £300,000 per incident.

Economic Modelling of Sector Specific Costings of Cyber Attacks, KPMG

2. Cost of IP and knowledge asset theft

Alma Economics report focuses on the economic impact on intellectual property and knowledge assets theft. The analysis is based on a literature review, expert input, regression modelling and case studies.

The report found that small to medium-sized enterprises (SMEs) are at a high risk of IP attacks as rival product development is more challenging to recover from.

Economic Impact of Intellectual Property and Knowledge Assets Theft from Cyber Attacks in the UK, Alma Economics

3. Cost of fraud due to data breaches

The Frontier Economics report examines the estimated cost of individual fraud cases enabled by data obtained through organisational data breaches. The study provides a strong indication of the scale of economic disruption. Key findings include:

• Approximately 437,000 people are victims of fraud resulting from organisational data breaches – representing around 11% of all estimated fraud victims in the UK.
• These cases account for 8% of the annual cost of fraud, amounting to approximately £755 million per year.

Assessing the Feasibility of Modelling the Link Between Data Breaches and Fraud, Frontier Economics

4. Impact on consumers

The KPMG report examines the impact of cyber-attacks on consumers across five key sectors. The economic value of these losses is based on the disruption of services and restricted access to goods. Key findings include:

• Financial services – Loss of online banking for a three-day period is estimated to result in losses ranging from £5.5 million to £231 million. Motor vehicle insurance disruptions lasting around 11 days could cost between £10,000 and £690,000.
• Healthcare – An attack on hospitals is estimated to cost £11.14 million, occurring three times per year, while attacks on GP practices cost approximately £20,000 each, with an average frequency of 37 incidents annually.
• Creative industries and the arts – This diverse sector faces multiple points of attack, including online ticketing (£0.6 million to £161 million), online video streaming services (£2.8 million to £197 million), cultural institutions (£270,000) and libraries (£20,000), with varying attack frequencies.
• Real estate and renting – Loss of transaction systems is estimated to cost between £140,000 and £240,000 every seven months.
• Manufacturing – Consumer cost data for pharmaceutical manufacturing will be released in a subsequent report.

The Economic Impact on Consumers of Cyber Attacks, KPMG

5.Impact of the rail network

The KPMG report outlines the economic impact of a cyber-attack on rail network. The analysis indicates that an attack on rail services would have severe consequences. A systemic cyber incident is estimated to cost £1.8 billion for a one-week period of disruption. This hypothetical scenario would include:

• Direct financial cost to Network Rail: Approximately £123 million.
• Cost to passengers due to delays: Around £281.3 million.
• Impact on Gross Value Added (GVA): Up to £1.397 billion, representing approximately 2.8% of the UK’s weekly GDP and 0.05% of annual GDP.

The Economic Impact of a Systemic Cyber Incident to the Rail Network, KPMG

Why this matters

This research was published by government to support the introduction of the Cyber Security and Resilience (Network and Information Systems) Bill. The Bill is designed to strengthen the UK’s cyber defences across critical sectors, including water, energy, healthcare, transport and digital services.

However, the research highlighted several sectors which are not directly in scope of the Bill. These sectors which include, manufacturing, real estate and renting, and the creative industries, have the potential to cause significant disruption to essential services and the distribution of goods across the UK. Recent cyber-attacks have shown how incidents in these sectors can create knock-on effects for the wider economy. It is important that government consider additional measures which will boost economy-wide resilience, even for sectors that are not directly covered by the new legislation.

techUK looks forward to continuing engaging with research and development in this area and helping to build a stronger economy through the growth of a cyber resilient UK.

Olivia Staples

Junior Programme Manager - Cyber Resilience, techUK

Olivia Staples joined techUK in May 2025 as a Junior Programme Manager in the Cyber Resilience team.

She supports the programs mission to promote cyber resilience by engaging key commercial and government stakeholders to shape the cyber resilience policy towards increased security and industry growth. Olivia assists in member engagement, event facilitation and communications support.

Before joining techUK, Olivia gained experience in research, advocacy, and strategic communications across several international organisations. At the Munich Security Conference, she supported stakeholder engagement and contributed to strategic communications. She also worked closely with local and national government stakeholders in Spain and Italy, where she was involved in policy monitoring and advocacy for both public and private sector clients.

Olivia holds an MSc in Political Science (Comparative Politics and Conflict Studies) from the London School of Economics (LSE) and a BA in Spanish and Latin American Studies from University College London (UCL).

Outside of tech, Olivia enjoys volunteering with local charities and learning Norwegian.

Email:

[email protected]

Read lessmore

Cyber Resilience Programme activities

techUK brings together key players across the cyber security sector to promote leading-edge UK capabilities, build networks and grow the sector. techUK members have the opportunity to network, share ideas and collaborate, enabling the industry as a whole to address common challenges and opportunities together. Visit the programme page here.

Industry Roundtable: The future of classified government IT systems and software

Explore the future of classified government IT systems and software at this exclusive techUK industry roundtable. Senior stakeholders will discuss emerging needs, security standards, and opportunities for innovation across classified environments. Join the conversation shaping the next generation of secure government technology.

Register here

 

Upcoming events

26 November 2025

techUK/DSIT: member briefing on the Cyber Security and Resilience (Network and Information Systems) Bill

Online Industry Briefing

3 December 2025

Preparing for post-quantum cryptography migration

Online Webinar

8 December 2025

Secure, resilient and trusted cloud services

Hybrid - techUK Offices and Online Conference

Latest news and insights 

26 Nov 2025

Government publishes independent study revealing cost of cyber attacks to UK economy

24 Nov 2025

As the finance sector is enfolded into the UK’s CNI, what does this mean for its ongoing digital journey?

19 Nov 2025

Government publishes external research on the Managed Service Provider market

Learn more and get involved

 

Cyber Resilience updates

Sign-up to get the latest updates and opportunities from our Cyber Resilience programme.

 

 

Here are the five reasons to join the Cyber Security programme

Download

Join techUK groups

techUK members can get involved in our work by joining our groups, and stay up to date with the latest meetings and opportunities in the programme.

Learn more

 

Become a techUK member

Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.

Learn more

 Meet the team 

Jill Broom

Head of Cyber Resilience, techUK

Jill leads the techUK Cyber Resilience programme, having originally joined techUK in October 2020 as a Programme Manager for the Cyber and Central Government programmes. She is responsible for managing techUK's work across the cyber security ecosystem, bringing industry together with key stakeholders across the public and private sectors. Jill also provides the industry secretariat for the Cyber Growth Partnership, the industry and government conduit for supporting the growth of the sector. A key focus of her work is to strengthen the public–private partnership across cyber to support further development of UK cyber security and resilience policy.

Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.

Email:

[email protected]

Website:

www.techuk.org/

LinkedIn:

https://www.linkedin.com/in/jill-broom-19aa824

Read lessmore

Annie Collings

Programme Manager, Cyber Resilience, techUK

Annie is the Programme Manager for Cyber Resilience at techUK. She first joined as the Programme Manager for Cyber Security and Central Government in September 2023. 

In her role, Annie supports the Cyber Security SME Forum, engaging regularly with key government and industry stakeholders to advance the growth and development of SMEs in the cyber sector. Annie also coordinates events, engages with policy makers and represents techUK at a number of cyber security events.

Before joining techUK, Annie was an Account Manager at a specialist healthcare agency, where she provided public affairs support to a wide range of medical technology clients. She also gained experience as an intern in both an MP’s constituency office and with the Association of Independent Professionals and the Self-Employed. Annie holds a degree in International Relations from Nottingham Trent University.

Email:

[email protected]

Twitter:

anniecollings24

LinkedIn:

https://www.linkedin.com/in/annie-collings-270150158/

Read lessmore

Olivia Staples

Junior Programme Manager - Cyber Resilience, techUK

Olivia Staples joined techUK in May 2025 as a Junior Programme Manager in the Cyber Resilience team.

She supports the programs mission to promote cyber resilience by engaging key commercial and government stakeholders to shape the cyber resilience policy towards increased security and industry growth. Olivia assists in member engagement, event facilitation and communications support.

Before joining techUK, Olivia gained experience in research, advocacy, and strategic communications across several international organisations. At the Munich Security Conference, she supported stakeholder engagement and contributed to strategic communications. She also worked closely with local and national government stakeholders in Spain and Italy, where she was involved in policy monitoring and advocacy for both public and private sector clients.

Olivia holds an MSc in Political Science (Comparative Politics and Conflict Studies) from the London School of Economics (LSE) and a BA in Spanish and Latin American Studies from University College London (UCL).

Outside of tech, Olivia enjoys volunteering with local charities and learning Norwegian.

Email:

[email protected]

Read lessmore

Fran Richiusa

Programme Team Assistant for Public Sector Markets, techUK

Fran serves as the Programme Team Assistant within techUK’s Public Sector Market Programmes, where she is responsible for delivering comprehensive team support, managing administrative functions, and fostering strong relationships with members.

Prior to joining techUK in May 2025, Fran built a meaningful career in the charitable and local government sectors. She worked extensively with both victims and perpetrators of crime, and notably led the coordination of Domestic Homicide Reviews across Surrey—an initiative aimed at identifying lessons and preventing future incidents of domestic abuse.

Outside of work, Fran is an avid traveller and a proud cat mum who enjoys unwinding with her feline companions.

 

Email:

[email protected]

Website:

www.techuk.org/

LinkedIn:

https://www.linkedin.com/in/francesca-richiusa/

Read lessmore