Two-fifths of UK businesses have been victims of crime in the past year, according to a major survey from the British Chambers of Commerce (BCC), which warns that the problem has become a “serious barrier” to economic growth and investment across the country.
The BCC, representing tens of thousands of firms, said that 42% of companies reported experiencing some form of crime, with the figure rising to 58% among businesses employing more than 250 people. Micro-businesses were less affected, with 32% reporting incidents. The manufacturing sector was the hardest hit, with half of all firms in that industry saying they had been targeted.
Ellis Shelton, a policy manager at the BCC, said crime was acting as a “structural barrier” forcing bosses to divert “crucial time and money” away from growing their businesses. “Crime is becoming more sophisticated and there needs to be a step change in the support businesses can count on,” he said.
The BCC’s research, based on a survey of 1,411 firms, found that a fifth had fallen victim to fraud or scams, while 21% had experienced cyber-attacks. The figures align with wider data showing the scale of the problem. The UK government’s 2025/26 Cyber Security Breaches Survey indicated that 43% of all UK businesses had been hit by a cyber breach or attack in the past 12 months, rising to 69% for large firms. Phishing remained the most common method, accounting for 38% of breaches.
Shoplifting has also surged. Police-recorded offences rose 20% year-on-year to 516,971 in the year to December 2024, and by March 2025 the annual total had exceeded 530,000. The British Retail Consortium (BRC) reported that shoplifting alone cost retailers £2.2 billion in 2023/24, a 22% increase on the previous year. Including prevention measures, the total cost of retail crime reached £4.2 billion annually. Retail violence and abuse incidents rose by more than 50% to over 2,000 a day, with 45,000 cases of violence or abuse recorded in stores in the 12 months to September 2024 — 25,000 of which involved weapons.
The fraud toll is even starker. The Annual Fraud Indicator 2023 estimated the total cost of fraud to the UK economy at £219 billion a year, including £157.8 billion in private sector losses and £50.2 billion in public sector fraud. The National Audit Office estimated that the UK lost between £55 billion and £81 billion of taxpayers’ money to fraud and error in 2023-24. One in four businesses with employees — about 389,000 firms — experienced fraud in the 12 months to August 2024, with 40% of those cases being cyber-facilitated, commonly through phishing attacks.
High-profile cyber-attacks last year underlined the threat. Jaguar Land Rover suffered a hack estimated to have cost the UK economy £1.9 billion, potentially making it the most expensive cyber-attack in British history. Marks & Spencer reported a £324 million hit to profits after being forced to close its website for more than six weeks. Other major victims included the Co-op and Booking.com.
At the other end of the business spectrum, tradespeople are being hit hard by tool theft. A 2025 survey by On The Tools found that 75% of UK tradespeople had been victims of tool theft. The average value stolen in a single incident was £1,119, with some losing tools worth £15,000 or more. The financial impact goes beyond replacement costs — 32% lost one to two days of work, amounting to around £476 in lost earnings per incident. Over a fifth of tradespeople reported losses exceeding £500. The emotional toll is severe: 64% worry about tool theft daily, and some have considered leaving the industry. Campaign groups such as Trades United are calling for tougher penalties and for tool theft to be treated as an aggravated offence.
The overall cost of crime to British society is estimated at £250 billion annually — roughly 10% of GDP — with tangible costs of £170 billion per year, including £38 billion inflicted on businesses, £31 billion on the public sector, and £63 billion on individuals.
What businesses want the government to do
The BCC has set out a series of specific measures it says would provide the “step change” needed. First, it wants a single, dedicated cyber-attack reporting system for companies, replacing the current patchwork of reporting routes. Second, it calls for the creation of regional business crime hubs that would bring together police and local business crime reduction partnerships, allowing for better intelligence sharing and coordinated action.
Third, the BCC demands an expansion of cyber and fraud resilience support specifically for small and medium-sized enterprises (SMEs), which often lack the resources to defend themselves. Fourth, it argues for more financial incentives — such as tax breaks or grants — to encourage companies to invest in security measures, whether physical alarms, cybersecurity software, or staff training.
Finally, the organisation recommends a National Business Crime Strategic Assessment, to properly measure the economic harm caused by crime against businesses and to inform future policy.
Some of these ideas already have a foundation in existing government initiatives. The National Cyber Security Centre (NCSC) provides guidance for SMEs and runs a Cyber Resilience Pledge encouraging businesses to make cybersecurity a board-level responsibility, sign up for the NCSC’s Early Warning service, and obtain Cyber Essentials certifications. A network of Regional Cyber Resilience Centres across the country supports smaller firms in reducing their vulnerability. Action Fraud remains the national reporting centre for fraud and cybercrime, offering a helpline for small businesses.
Legislation is also evolving. The Economic Crime and Corporate Transparency Act 2023 introduced a new offence of corporate failure to prevent fraud, with a “reasonable procedures” defence. The forthcoming Crime and Policing Act 2026 will expand corporate criminal liability further: from 29 June 2026, the “senior manager” attribution test — previously limited to economic crimes — will apply to all criminal offences, making it easier to prosecute companies for misconduct by senior managers.
Industry bodies are not waiting for Westminster. Retailers are already deploying body-worn cameras, dummy display packaging, and AI-driven facial recognition technology; some have removed self-checkouts or placed security tags on everyday items. Business crime reduction partnerships such as PABCIS in Staffordshire and UKPAC are pooling intelligence between businesses and police to run exclusion schemes. The UK cyber insurance market is seeing growing adoption among SMEs, driven in part by the supply-chain disruption caused by attacks like the one on Jaguar Land Rover.
But the BCC insists that without a coordinated, national response backed by government, the burden on businesses will only increase. As Shelton put it: “Bosses are being forced to divert crucial time and money to tackling this anchor on growth.”
