Features - Business

£115M lost to cyberattacks

28 Nov 25

Small construction firms lose over £115 million to cyberattacks annually, making it the UK’s third-most financially impacted sector, according to a new study.

The research, money.co.uk analysis of government cyber breach figures, reveals that cyberattacks now cost small and micro UK businesses alone up to an estimated £921.2 million in total each year.1

This comes amid a new report that reveals that over 7,000 construction firms are in critical financial distress, leaving them particularly vulnerable to any financial losses due to cyberattacks.2

To help, the business finance experts at money.co.uk business savings accounts have identified the worst-affected industries and offered tips to help small businesses protect themselves.

Estimated cost of cyberattacks on small businesses by sector:

Rank	Industry sector	Businesses that identified breaches or attacks in the last 12 months✝	Number of micro & small businesses	Estimated attack prevalence	Estimated annual cost
1	Professional, scientific, or technical	55%	183,435	100,889	£152.3m
2	Administration or real estate	48%	173,725	83,388	£125.9m
3	Construction	40%	191,555	76,622	£115.7m
4	Retail or wholesale	32%	238,285	76,251	£115.1m
5	Information or communications	69%	73,280	50,563	£76.4m
6	Utilities or production	48%	87,805	42,146	£63.6m
7	Food or hospitality	30%	139,515	41,855	£63.2m
8	Entertainment or service	42%	95,740	40,211	£60.7m
9	Health or social care	41%	58,195	23,860	£36.0m
10	Transport or storage	35%	45,020	15,757	£23.8m
11	Finance or insurance	48%	22,800	10,944	£16.5m

Two in five (40%) construction businesses identified a cyber attack in the last 12 months, ranking among the top 10 most targeted sectors. Based on this, the industry has an estimated prevalence of 76,622 breaches at a total cost of around £115.7 million.

Supply chain vulnerabilities may explain the high rate of cyberattacks in the construction industry. Projects involve many moving parts, like subcontractors, suppliers, architects, and engineers, who all need to share plans, invoices, and schedules online. Experts at AXA say “the more parties involved in a project, the more opportunities there are for hackers to exploit weak links in the supply chain.”3

Joe Phelan, money.co.uk business bank accounts expert, comments: “Cyberattacks continue to pose a serious risk, particularly for smaller businesses, as the data shows average costs to micro and small firms have risen by more than 90% in the last 12 months. No business is too small or too large to be a target – all need to take steps to protect themselves against cyberattacks and plan for any incidents.

“That means building cyber awareness into everyday operations by prioritising measures like staff training, regular software updates, and early detection systems that flag unusual activity. It’s also crucial to plan for the potential financial impact of an attack or being forced to close temporarily due to a threat.

“You can be better prepared to cover any unexpected costs or financial losses by building a financial buffer in a high-interest, instant-access business savings account. Having this financial safety net in place allows you to continue operating confidently and have a pot to draw on for investing in better cybersecurity over time as well.

“Using a dedicated business bank account also offers preventative protection. For example, many banks offer business accounts with built-in fraud prevention tools, such as Positive Pay controls, which verify outgoing checks against your company’s list of issued checks. Features like this can help you spot and block fraudulent transfers early, reduce the chance of account takeover, and limit the losses from hacks.

“Proactive planning, both technically and financially, gives businesses the best chance of recovering quickly and minimising the long-term impact of cyber breaches.”

If you would like to read more stories like this, then please click here