Over two-fifths of businesses (43%) reported experiencing a cyber security breach or attack in the last 12 months, equating to approximately 612,000 businesses across the UK.
As remote and flexible working continue to shape the UK’s professional landscape, shared offices and coworking environments have become vital for collaboration and growth. Yet the increased use of shared networks, devices, and systems has also opened new doors for cybercriminals.
This comes at a time where around 21 million British computer users risk becoming vulnerable to cyberattacks and scams tomorrow, with Microsoft ending updates for its decade-old Windows 10 system.
The company has warned 400 million Windows users worldwide to brace for potential security threats once support stops, leaving many PCs exposed.
Office infrastructure experts, Co-space, analysed government data to identify which sectors were most affected by security breaches and how the right workspace environment can reduce risk.
“Workplace scams have become more sophisticated, and shared workspaces can unintentionally provide an attractive entry point if businesses are not properly protected,” said William Stokes, CEO of Co-space. “Whether through free Wi-Fi, communal devices, or the diversity of tenants, open environments demand a greater focus on cyber hygiene. Awareness and prevention are key.”
Most targeted sectors by cyberattacks over the past 12 months:
| Industry Sector | % of Businesses Targeted |
| Information or communications | 69% |
| Professional, scientific or technical | 55% |
| Administration or real estate | 48% |
| Finance or insurance | 48% |
| Utilities or production | 48% |
| Businesses overall | 43% |
| Entertainment or service | 42% |
| Health or social care | 41% |
| Construction | 40% |
| Transport or storage | 35% |
| Retail or wholesale | 32% |
| Food or hospitality | 30% |
Technology-driven and information-rich sectors, such as information and communications (69%) and professional, scientific or technical services (55%), remain the most targeted by cyberattacks.
These industries handle high volumes of sensitive client and financial data, making them natural focuses for cybercriminals.
Finance, insurance and utilities sectors also report high breach rates (48%), reflecting both the complexity of their operations and the value of their digital assets.
By contrast, industries like hospitality, retail, and food services show lower rates of breaches, though they still face risks from scams involving payments or customer data.
However, the growing popularity of flexible office environments, particularly among administrative, real estate, and service industries (42-48%), shows that coworking has become a mainstream business model.
Modern workspace operators are meeting this demand with enterprise-grade digital protection, including managed Wi-Fi, access controls, and real-time network monitoring systems that small and mid-sized firms might otherwise struggle to afford.
Phishing remains the UK’s most common form of cyberattack, though reports have dipped slightly from 42% in 2024 to 37% in 2025.
Other leading threats include ransomware, spyware, and identity theft, which continue to affect businesses across all industries, whether remote, hybrid, or office based. In total, 43% of businesses overall experienced some form of cyberattack over the past year.
To help businesses stay protected in flexible or shared environments, Co-space recommends:
- Educating teams to spot phishing and suspicious communications
- Using VPNs, strong passwords, and multi-factor authentication on shared networks
- Regularly updating and patching systems to close vulnerabilities
- Verifying all payments and invoices via trusted secondary channels
- Segmenting Wi-Fi to separate business data from guest access
- Monitoring connected devices, including printers and IoT equipment, for unusual activity
“Cyber risks aren’t going away, but neither is the shift to flexible work,” said William. “The way we work has evolved faster than the way many organisations protect themselves online. Shared and hybrid environments bring people, systems and ideas together, that combination can create both opportunity and exposure.
“The real risk isn’t the workspace itself, but complacency. When teams share networks, devices or platforms, even one moment of inattention can open the door to an attacker. Strong security discipline, two-factor authentication and simple awareness of suspicious activity can prevent far more damage than expensive software ever will.
“As businesses continue blending physical and digital spaces, cybersecurity must become a shared responsibility. It’s not just an IT issue anymore, it’s a professional skill. Protecting data is now part of protecting productivity.”
