More than two-fifths, or 43%, of UK businesses reported a cybersecurity breach or attack in the past 12 months, the equivalent of about 612,000 firms, according to office infrastructure firm Co-space.
The growing shift toward flexible and shared office environments is adding new exposure to this cybersecurity risk, highlighting the increasing importance of cyber insurance and strong risk controls.
Co-space analysed government data to determine which industries were most affected by cyber incidents and how workspace design can influence risk exposure. Chief executive officer William Stokes (pictured) said shared offices often introduce additional entry points for cybercriminals through communal networks, devices and systems, which can make businesses more vulnerable if not adequately protected.
The analysis also comes as millions of UK users face increased risk following the end of Microsoft’s security updates for Windows 10, leaving older systems open to new cyber threats.
High-risk sectors and insurance exposure
Information and communications firms (69%) and professional, scientific and technical services (55%) reported the highest levels of attacks, followed by the finance and insurance sector (48%). These industries handle sensitive financial and client data, making them natural targets for phishing, ransomware and identity theft.
Insurers are closely monitoring how hybrid and flexible work environments are influencing both claim frequency and loss severity. Shared networks and remote access points can increase the risk of data breaches and system compromises, prompting underwriters to review cyber hygiene standards before offering or renewing coverage.
Managing risk through resilience and policy alignment
Co-space noted that coworking spaces are increasingly integrating enterprise-grade security features, such as managed Wi-Fi, access control and network monitoring to help tenants meet basic cyber insurance requirements.
The company advised firms to strengthen their defences through employee awareness training, two-factor authentication, system patching and clear incident response procedures. These measures not only lower the likelihood of a successful breach but can also help policyholders demonstrate robust risk management to insurers.
“As businesses continue blending physical and digital spaces, cybersecurity must become a shared responsibility," Stokes said. "It’s not just an IT issue anymore, it’s a professional skill. Protecting data is now part of protecting productivity.”
