Cyber Crisis: Surge in attacks leaves UK public feeling unsafe online

• Over a third of UK adults don’t know what to do after a cyber hack with fear gripping over half

• Majority of Brits feel their data is not safe (three in four)

• Over a third believe their data is sold

Brits are losing faith in online safety and data protection, as the UK's cybercrime surge continues, new research shows. One in three adults state they have witnessed more levels of hacking this year than any other year. Official data from the 2025 Cyber Security Breaches Survey suggests incidents are now happening at around one hacking incident per minute*.

The warning issued by the Institution of Engineering and Technology to kickstart Cyber Security Awareness Month, follows a spate of high-profile breaches at Heathrow airport, Jaguar Land Rover, Marks & Spencer and Co-op. The IET says these attacks are symptomatic of a wider crisis now encroaching into people’s daily lives.  

Public fear grows – but action remains limited

The scale of the threat is clear with one in seven (14%) UK adults, rising to one in five among those aged 25–34, already falling victim to cybercrime. More than half (56%) admit they are fearful of being hacked in the future, while 74% believe hackers are becoming more inventive – with 67% saying they are now harder to detect. Yet despite these fears, one in five still dismiss the risks as “overexaggerated”, even as criminals infiltrate our daily communications. Nearly one in five (18%) say they have received daily fraudulent messages via Facebook, 17% on WhatsApp, 14% by text and 12% on Instagram.
 
Even after being targeted, many fail to take action. While half of those hacked now monitor their accounts more closely, one in eight admit they have not changed their behaviour at all. Among 16–24 year olds, only 27% report increased vigilance. 

When alerted that their password may have been compromised, over one in five (22%) either delete warning messages or only act if the message comes from a trusted source – with the IET warning that it takes just one successful attack to bring down an entire organisation or commit fraud with your personal details.

Calls for Business and Government to do more 

The question of responsibility is pressing, with seven in ten people believing businesses need to do more to safeguard personal data, while two-thirds say government should prioritise cyber security and invest in public awareness campaigns. Yet confidence is low with only 24% of us thinking our data is secure, and more than a quarter suspect companies of selling information without consent – meaning that as trust erodes many now actively avoid sharing personal data, convinced of its financial value.

Expert voices urge vigilance and education

Dr Junade Ali, cyber security and digital forensics expert and Fellow at the IET said: “Cybersecurity remains a key threat to our critical national infrastructure and to our own lives. These findings show that while awareness of cyber threats is growing, there’s still a gap in confidence and preparedness. We must continue to educate and empower the public to take control of their digital safety. By following best practice, and staying alert, we can all help secure ourselves and society at large.”

Tony Neate, CEO at Get Safe Online said: "Most of us use the internet more than ever, and in fact there doesn’t seem to be much that we can’t do online. But because of the scams, disrespectful behaviour and inappropriate content that have unfortunately become so commonplace, it’s essential that we all look after ourselves, our families, finances, devices and workplace as best we can. Three simple basic tips to remember – always install your software updates, use passwords that are unique and not connected to your personal life and if something seems too good to be true it probably is. If you want to check out lots more advice, check out our Back-to-Basics tips at www.getsafeonline.com."

Exploiting multiple channels

Attacks come through multiple routes with the research showing that almost a third of victims are targeted through hacked email, social media or banking accounts, while a quarter were tricked into sending money or personal details through romance scams or fake investments. Others were hit by phishing texts, malware apps or infected devices. These findings highlight the diverse and evolving tactics used by cybercriminals to exploit individuals online.

Methodology

The survey was conducted by Opinion Matters between 19-22 September 2025, sampling 2,000 UK adults aged 16 and over. Opinion Matters is a member of the Market Research Society and British Polling Council.

It follows research the IET released last May on World Password Day (2 May 2024), which showed that only one in five people in the UK could correctly identify a secure password over a compromised one, with a fifth of people using the same password for multiple websites and devices.

The IET’s top tips to boost your security and keep hackers away:

• Create strong, unique passwords for every account.
  Use long, randomly generated passwords or secure passphrases (e.g., three unrelated words) instead of short or complex ones.
• Protect your email account with extra care.
  Use a strong, unique password for your primary email account, as it can be used to reset access to other services. Combine this with biometrics (e.g., fingerprint, Face ID) and a secure device PIN where possible.
• Use a password manager and explore password-less authentication.
  A reputable password manager can securely generate, store, and monitor credentials. Where supported, consider modern authentication methods like passkeys, biometrics, or hardware security keys.
• Enable Two-Factor Authentication (2FA) on all critical accounts.
  Strengthen account security by enabling 2FA. Authenticator apps or hardware tokens are more secure than SMS-based codes.
• Regularly back up important data.
  Use trusted cloud services or encrypted external drives to maintain secure backups in case of data loss or ransomware attacks.
• Keep software and devices up to date.
  Install updates promptly to patch security vulnerabilities. Avoid using devices that no longer receive support or updates from the manufacturer.
• Enable SIM card protection.
  Set a PIN code for your SIM card to help prevent account takeovers if your mobile device is lost or stolen.
• Be alert to phishing and social engineering.
  Do not click on suspicious links or attachments. Verify the legitimacy of emails, messages, and websites – especially when asked to provide personal or financial information.
• Limit app permissions and access to personal data.
  Review and restrict app access to contacts, location, camera, and other sensitive data to reduce exposure.
• Avoid using unsecured public Wi-Fi for sensitive activities.
  If necessary, use a reputable virtual private network (VPN) to encrypt your connection when on public networks.
• Secure your devices with strong lock settings.
  Enable automatic screen locking and use strong passcodes or biometric authentication to protect against unauthorized access.
• Monitor your accounts for unusual activity.
  Enable login alerts, review access logs where available, and act quickly if suspicious behaviour is detected.
• Establish digital recovery and legacy options.
  Set up account recovery methods and designate trusted contacts for critical accounts to prepare for unexpected events

Additional expert insight

Jayne Black, Policy Manager for the IET’s Digital Futures Policy Centre said: “The rise of cybercrime is certainly worrying, but there are a lot of things that can be done to protect yourself or your business from attack. Greater awareness will lead to greater vigilance when the digital future, though bright, is open to vulnerabilities such as this.”

Anni Feng, Chair of the IET’s Digital Futures Policy Centre said: “The research highlights the growing range of tactics used by cybercriminals, which are becoming increasingly difficult for people to detect. For some of these tactics, the first step might not even take place online. QR codes, for example, have become part of everyday life – used at GP practices for check-in, in museums to provide visitor information, and at conferences to join live polls. Because they appear in trusted environments and serve legitimate purposes, we might not always pause before scanning and clicking on the link. As a community of engineers and technologists, we have the responsibility to firstly stay informed and engaged with the topic of cyber security, and secondly design systems/infrastructure with this in mind to support users making safe choices and enable cyber resilience.”

Dr Graham Herries, Chair of the IET’s Policy Oversight Committee said: “Cyber threats are evolving faster than ever, and the UK’s recent breaches are a stark reminder that our digital defences are only as strong as the people behind them. To close the capability gap, we must inspire and equip the next generation of tech talent – especially in cyber security, automation, and engineering – before the risks outpace our readiness."

Annabel Ohene, IET member and Cyber Security and Networks Engineer said: "Adding cyber security measures into daily life may require additional effort from users when engaging with digital services, but cyber safety is increasingly important as the threat landscape continues to evolve. While companies have a responsibility to defend against malicious activity, empowering users to take ownership of their cyber security creates multiple layers of protection across entire systems."

 Dawn Ohlson, President of the IET said: “Cyber security hinges on two essential principles: vigilance and resilience – and this is for everyone, from the boardroom to the living room. Always approach emails and attachments with caution. Be alert, be sceptical, and verify before you click. For governments and industries, defending against cyber threats demands a multi-layered, holistic strategy. This means sustained investment, cross-sector collaboration, and long-term strategic planning – all of which is vital to staying ahead of an ever-evolving threat.”

 Rimesh Patel, IET member and Independent Cyber Specialist said: “The research underscores the urgent need for enhanced cybersecurity as the UK advances toward a digital future. Successful Industry 4.0 integration across global sectors will depend on robust, cyber-secure foundations, with users at the heart of every digital transaction. The findings highlight the critical need for greater security awareness and the need for trust in data handling mechanisms. While vendors are beginning to address emerging challenges, both public and private service providers must position users as active partners, not just passive consumers. This shift will drive the need for Digital Sovereignty, helping to spearhead the trust necessary for secure digital interactions. As the UK population starts to transition into online services that leverages A.I, the success of our digital ecosystems will depend on built in safeguards to cybersecurity and acknowledging that basic cyber awareness is now a prerequisite for modern life for all.”

 
ENDS

Notes to Editor

About the IET

• We inspire, inform and influence the global engineering community to engineer a better world.     
• We are a diverse home for engineering and technology intelligence throughout the world. This breadth and depth means we are uniquely placed to help the sector progress society.     
• We want to build the profile of engineering and technology to change outdated perceptions and tackle the skills gap. This includes encouraging more women to become engineers and growing the number of engineering apprentices.    
• Interview opportunities are available with our spokespeople from a range of engineering and technology disciplines including cyber-security, energy, engineering skills, innovation, manufacturing, technology, transport and diversity in engineering.    
• For more information, visit www.theiet.org.    
• Follow the IET on LinkedIn, Facebook and Instagram via @TheIET / @InstitutionofEngineeringandTechnology.    

Media enquiries to:

Rebecca Gillick
External Communications & PR Lead
E: rgillick@theiet.org