With public concern about phishing attacks hitting a 20-year high in December 2025, new government data reveals that 85% of UK cyber security incidents involve phishing.
Almost a third of British businesses (29%) have experienced at least one remote-working related security breach in the past year, with phishing attacks accounting for 85% of all cyber security incidents, according to a new analysis from Nasstar.
Search trends data reveals that UK searches for 'phishing' hit a 20-year high in December 2025, and Google’s search trends index revealed a 600% surge in people looking for a 'phishing link checker', demonstrating growing awareness that clicking malicious links is a critical cyber security threat, yet one that most businesses are currently ill-equipped to address.
The warning comes as the UK Government's Cyber Security Breaches Survey 2025 reveals that while overall breach rates have declined slightly to 43% of UK businesses, medium and large businesses still face significantly higher rates at 67% and 74% respectively.
Among organisations experiencing breaches, phishing remains by far the most common attack vector at 85% of incidents.
Phishing exploits identity and trust, not network vulnerabilities, which is why security needs to be designed around identity rather than perimeter assumptions.
The search trends data reveals that the British public is increasingly aware that phishing is a major threat, and that 600% surge in demand we’re seeing for a 'phishing link checker' shows that they're actively searching for ways to protect themselves from the risk posed by malicious phishing links.
Despite the widespread adoption of traditional network perimeter security controls, phishing remains the dominant attack vector because it targets users, identities, and cloud applications rather than exploiting network vulnerabilities.
Concerns about phishing attacks reaches all-time record high
Analysis of 21 years’ worth of UK search trends data reveals an unprecedented surge in concerns about phishing:
December 2025 marked an all-time record high
Before 2025, the previous peak was in October 2020, when most people in the UK were working remotely because of the pandemic
Interest in phishing link checkers has surged by 600%, highlighting demand for a phishing tool that many firewalls don’t offer
"What is spear phishing in cyber security" saw a 1,500% surge in search demand, showing increased awareness amongst British workers of the risk of highly targeted attacks on UK businesses
Remote working and the phishing epidemic
The UK Government's Cyber Security Breaches Survey 2025 reveals the scale of the phishing crisis affecting remote and hybrid workers:
29% of UK businesses experienced at least one remote-working-related security breach in the last 12 months
43% of UK businesses experienced cybersecurity breaches overall
67% of medium businesses and 74% of large businesses experienced breaches
85% of business breaches involved phishing attacks, making it by far the most common threat
86% of charity breaches involved phishing, showing that the voluntary sector is equally vulnerable
65% of businesses that experienced breaches said phishing was their most disruptive incident
The real shift over the last few years hasn’t just been where people work from, but how organisations consume applications and data.
As businesses have moved rapidly towards cloud and SaaS platforms, identity has effectively become the new perimeter. That fundamentally changes the risk profile, because attackers no longer need to break into a private network; they just need to abuse a legitimate user account.
What’s particularly notable is the level of concern we’re seeing around phishing today. The surge in search interest suggests organisations and individuals are increasingly aware that these attacks are harder to detect and more difficult to defend against using traditional approaches.
That’s why modern SASE architectures are so important. They don’t replace email security or VPNs, but they apply layered, identity- and context-aware controls wherever users access applications, reducing risk when phishing or credential abuse occurs.
In that context, the 600% surge in searches for a ‘phishing link checker’ reflects a growing demand for real-time, identity-aware protection — even if most people don’t yet recognise it as part of a broader SASE approach.
The SASE solution: Security built for the phishing era
Modern SASE architectures address phishing threats that more traditional security solutions simply can’t tackle. It combines network security functions with URL filtering, malware detection, and data loss prevention in a cloud-delivered service.
Email security reduces exposure, but modern SASE architectures apply multiple layers of control at the point of access, limiting risk even when users interact with malicious content.
Modern phishing attacks aren’t limited to email; they increasingly arrive via cloud services, shared files, messaging platforms, and social engineering techniques that all aim to abuse legitimate user identities. SASE doesn’t replace email security; it enforces identity and context-aware access controls at the point of use, limiting what an attacker can do even when credentials are compromised.
About the analysis
Nasstar’s findings are based on an in-depth analysis of data from two authoritative sources:
Google Trends analysis of over 20 years of UK search behaviour for 'phishing' and related terms, from 2004 to December 2025
