Independent research on the economic impact of cyber attacks on the UK
A set of reports detailing the costs and economic impact of cyber attacks on the UK economy.
Documents
Details
Cyber attacks are a growing threat to the UK economy. This collection of independent research quantifies the cost of cyber attacks across different parts of the economy.
Key findings
-
The KPMG sector-specific costings report estimates the average cost of a significant cyber attack* for an individual business in the UK is almost £195,000.
-
When scaled to an annual UK cost, this amounts to £14.7 billion, equivalent to 0.5% of the UK’s GDP.
-
Separately, Alma Economics estimates that cyber attacks attempting intellectual property and knowledge-assets theft cost the UK between £1 billion and £8.5 billion in 2024.
-
Modelling suggests fraud episodes linked to organisational data breaches are likely to cost around £755 million per year.
-
The consistent theme across all these reports is the cyber risk is pervasive and significant.
This research was published on 12 November 2025 as part of the introduction of the Cyber Security and Resilience Bill to Parliament.
The individual research reports are:
- Economic Modelling of Sector Specific Costings of Cyber Attacks, KPMG, 2025
- Economic Impact of Intellectual Property and Knowledge Assets Theft from Cyber Attacks in the UK, Alma Economics, 2025
- Assessing the Feasibility of Modelling the Link Between Data Breaches and Fraud, Frontier Economics, 2025
- The Economic Impact on Consumers of Cyber Attacks, KPMG, 2025
- The Economic Impact of a Systemic Cyber Incident to the Rail Network, KPMG 2025
The estimates presented in these reports are derived using distinct methodologies and are not intended to be additive. Each report focuses on different sectors and impact types, and while they collectively illustrate the breadth of economic risk, they should not be summed to produce a single GDP impact figure.
This independent research will allow decision makers to better understand the potential scale of impact when different kinds of organisations or sectors in the UK are attacked. The research informs the government’s policy making on cyber security and the wider work to drive industry adoption of cyber security measures and improve cyber resilience across the UK economy.
This research was supported by the Department for Science, Innovation & Technology, while reports 1, 2, 4 and 5 were also supported by the R&D Science and Analysis Programme at the Department for Culture, Media & Sport. The reports were developed and produced according to the research team’s hypotheses and methods. Any primary research, subsequent findings or recommendations do not represent government views or policy.
*Classed as a successful attack with a cost of at least £500. This figure is averaged across all firm sizes and sectors.