Compliance review of statistics from the Cyber Security Breaches Survey

Published: 20 March 2026
Last updated: 20 March 2026

Overview

At the time of this report, statistics from the Cyber Security Breaches Survey are published as official statistics.

The survey, which is produced in partnership by the Department for Science, Innovation and Technology (DSIT) and the Home Office, provides an important source of evidence on the cyber security landscape for UK businesses, educational institutions and charities. Published as official statistics annually since 2017, the statistics provide insight into how organisations’ approach to cyber security and the nature of cyber-attacks have changed.

This report shares our view on how the statistics from the Cyber Security Breaches Survey meet the standards set out in the Code of Practice for Statistics.

 

Why we did this review

We undertook this review as part of a wider focus by the Office for Statistics Regulation (OSR) on fraud and cybercrime statistics, to enhance our understanding of cybercrime that affects businesses and other organisations. This follows our 2025 review of fraud and computer misuse statistics for England and Wales. We are reviewing the statistics from the Cyber Security Breaches Survey for the first time.

Highlighted findings


The producer team engages effectively with users, using a variety of formats including surveys and workshops to gather feedback and develop the Cyber Security Breaches Survey in accordance with user need.


The addition of qualitative interviews in the survey provides valuable insight into organisations’ awareness of cyber security risks and how they respond to them.


The statistics are presented impartially and are supported by clear guidance to help users correctly interpret key terms such as ‘consistent’ or ‘in line’.


Uncertainty is not communicated as clearly as it should be. Confidence intervals and information on sample representativeness are presented in a way that is overly complex, which limits users’ ability to fully understand the degree of uncertainty in the estimates.


The main statistical bulletin is long, and DSIT has also published a separate annex with findings for educational institutions. The length of the bulletin may make it harder for users to quickly and easily find the information they need.

Our judgement

Our review found that the statistics from the Cyber Security Breaches Survey are clear and insightful, and that the DSIT team has a good understanding of user needs.

Based on our findings, we are making three recommendations to improve these statistics in line with the Code:

  • DSIT should improve its communication of uncertainty in the statistics by plainly stating the margin of error where appropriate so that users fully understand the degree of uncertainty in the estimates.
  • In order to better inform users on sample representativeness, DSIT should display the total population sizes for each sample group alongside the margin of error and sample sizes.
  • DSIT should engage with users to identify opportunities to streamline content in the bulletin and consult with other official statistics producers on best practices for presenting long bulletins. This will help DSIT to focus content and enable users to quickly and easily find the information they need.

Next steps

We will meet with the DSIT team by December 2026 to discuss its progress and review the actions it has taken in response to these recommendations.

Review of fraud and computer misuse statistics for England and Wales
