Government publishes independent study revealing cost of cyber attacks to UK economy

Published
11/27/2025

New independent research from DSIT reveals the scale of economic disruption caused by cyber-attacks across UK sectors

New independent research from DSIT reveals the scale of economic disruption caused by cyber-attacks across UK sectors. From fraud and IP theft to service outages and infrastructure risks, the findings highlight why stronger, economy-wide resilience measures are essential.

On Wednesday 12 November, the Department for Science, Innovation and Technology (DSIT) published independent research examining the economic impact of cyber-attacks in the UK. The research is comprised of five reports conducted by KPMG, Alma Economics, and Frontier Economics.

The study includes five research papers analysing the following areas: sector-specific costs, intellectual property and knowledge asset theft, fraud resulting from data breaches, consumer impact, and disruptions to rail networks.

Core findings:

  • Average cost of a significant cyber-attack (defined as a successful attack costing at least £500) for an individual UK business, across all firm sizes and sectors: approximately £195,000.
  • Estimated annual UK cost of significant cyber-attacks: £14.7 billion, equivalent to around 0.5% of the UK’s GDP.
  • Intellectual property and knowledge asset theft from cyber-attacks is estimated to cost the UK between £1 billion and £8.5 billion in 2024, equivalent to 0.04% and 0.30% of GPD per year.

Summary of research papers

1. Sector specific costings

KPMG’s analysis of the cost of cyber-attacks on individual businesses is broken down by sector and business size. The study considered two key variables: the average cost of a cyber-attack and the likelihood of experiencing one. The findings are based on potential outcomes and are intended to provide indicative estimates rather than precise figures.

Sectors incurring the highest average costs include information services, management, entertainment, manufacturing, and financial services, each losing more than £300,000 per incident.

Economic Modelling of Sector Specific Costings of Cyber Attacks, KPMG

2. Cost of IP and knowledge asset theft

Alma Economics report focuses on the economic impact on intellectual property and knowledge assets theft. The analysis is based on a literature review, expert input, regression modelling and case studies.

The report found that small to medium-sized enterprises (SMEs) are at a high risk of IP attacks as rival product development is more challenging to recover from.

Economic Impact of Intellectual Property and Knowledge Assets Theft from Cyber Attacks in the UK, Alma Economics

3. Cost of fraud due to data breaches

The Frontier Economics report examines the estimated cost of individual fraud cases enabled by data obtained through organisational data breaches. The study provides a strong indication of the scale of economic disruption. Key findings include:

  • Approximately 437,000 people are victims of fraud resulting from organisational data breaches – representing around 11% of all estimated fraud victims in the UK.
  • These cases account for 8% of the annual cost of fraud, amounting to approximately £755 million per year.
Assessing the Feasibility of Modelling the Link Between Data Breaches and Fraud, Frontier Economics

4. Impact on consumers

The KPMG report examines the impact of cyber-attacks on consumers across five key sectors. The economic value of these losses is based on the disruption of services and restricted access to goods. Key findings include:

  • Financial services – Loss of online banking for a three-day period is estimated to result in losses ranging from £5.5 million to £231 million. Motor vehicle insurance disruptions lasting around 11 days could cost between £10,000 and £690,000.
  • Healthcare – An attack on hospitals is estimated to cost £11.14 million, occurring three times per year, while attacks on GP practices cost approximately £20,000 each, with an average frequency of 37 incidents annually.
  • Creative industries and the arts – This diverse sector faces multiple points of attack, including online ticketing (£0.6 million to £161 million), online video streaming services (£2.8 million to £197 million), cultural institutions (£270,000) and libraries (£20,000), with varying attack frequencies.
  • Real estate and renting – Loss of transaction systems is estimated to cost between £140,000 and £240,000 every seven months.
  • Manufacturing – Consumer cost data for pharmaceutical manufacturing will be released in a subsequent report.
The Economic Impact on Consumers of Cyber Attacks, KPMG

5.Impact of the rail network

The KPMG report outlines the economic impact of a cyber-attack on rail network. The analysis indicates that an attack on rail services would have severe consequences. A systemic cyber incident is estimated to cost £1.8 billion for a one-week period of disruption. This hypothetical scenario would include:

  • Direct financial cost to Network Rail: Approximately £123 million.
  • Cost to passengers due to delays: Around £281.3 million.
  • Impact on Gross Value Added (GVA): Up to £1.397 billion, representing approximately 2.8% of the UK’s weekly GDP and 0.05% of annual GDP.
The Economic Impact of a Systemic Cyber Incident to the Rail Network, KPMG TO READ MORE