Small and medium sized charities that have been targeted by ransomware criminals experienced more attacks than any other similar sized organisation, research has found.

It states that among small and medium sized enterprises (SMEs) targeted in the UK, charities were attacked eight times on average during 2025.

In comparison energy firms in the UK suffered an average of seven attacks, travel and leisure firms were hit six times on average and targeted financial services and pharmaceutical firms fell victim to ransomware attackers just under six times.

The analysis has been published by insurer Hiscox Group involving more than 5,700 organisations globally. Around a fifth are based in the UK. Respondents were surveyed in July and August 2025 and asked to chart how their organisation had been impacted by cyber criminals over the previous 12 months.

The most frequent entry point for a ransomware attack cited by UK charities was through networked internet of things (IoT) devices such as system alarms, not including phones or tablets.

In a third of cases the attack was through a supply chain compromise, such as websites and software. In almost three in ten cases the attack was through a business email compromise.

In more than a fifth of cases webserver vulnerability was the entry point for an attack.

Across all SMEs larger organisations, with between 50 and 249 employees recorded an average of seven attacks during 2025, with those with fewer than ten employers attacked an average of four times.

“As organisations grow, adopt new technologies or expand digital services, exposure can increase rapidly if cyber controls and insurance arrangements are not reviewed alongside operational change,” said Hiscox head of cyber security Alana Muir.

She added that ransomware, where criminals ask for a ransom for stolen data or locked websites, is the most persistent form of cyber attack facing all SMEs.

Further ransom demands

Four in five organisations targeted paid a ransom to recover or protect data that had been targeted by criminals.

But in three in ten cases those who paid a ransom were subsequently asked for additional payments.

Among all incidents a third incurred fines, three in ten reported their business suffering and a similar proportion said the attacks had made it more difficult to attract new clients.

“These findings demonstrate how a ransomware incident can quickly escalate beyond IT disruption into a wider business continuity challenge, affecting revenue, operations and long-term reputation,” said Muir.

She added that “artificial intelligence is truly transforming the cyber threat landscape”.

Earlier this year a report by BDO into charity fraud found that fears of an increase in cyber attacks persist among more than half of charities, with ransomware, phishing and issues caused by AI emerging as concerns.

---