Intelligent CISO Issue 94 | Page 11

CISO news

Action Fraud reports cybercrime surge – but experts warn the real damage is far greater

New data obtained by cybersecurity experts at Bridewell from Action Fraud reveals that cybercrime incidents reported by the UK public have increased by 37% in the past five years.

Action Fraud, which has recently been replaced by Report Fraud, was the UK’s national reporting centre for fraud and cybercrime. In 2021, 28,770 cybercrime incidents were reported, a figure that rose 37% to 39,504 in 2025. In total, over 161,000 cybercrimes were reported to Action Fraud in the past five years.
However, larger organisations typically report more serious incidents to the National Cyber Security Centre (NCSC), and the financial losses from these incidents remain largely undisclosed, meaning the true scale of cybercrime’s financial impact remains hidden.
Despite the sharp rise in reported incidents, total financial losses reported to Action Fraud decreased, falling from over £12.3 million in 2021 to £6 million in 2025. Bridewell’s CEO, Anthony Young, cautions that this does not reflect the impact of larger cyberincidents on the UK economy.
The NCSC reported handling 204 nationally significant cyberattacks between September 2024 and August 2025, a 129% increase year-on-year. High-profile incidents affecting major organisations, including Jaguar Land Rover, Marks & Spencer and Coop, resulted in losses totalling hundreds of millions.
Young warns that the true cost of cybercrime to the UK economy is far higher than public reporting suggests, urging businesses to strengthen cybersecurity defences in response to growing large-scale threats.

Flare research reveals nearly half of all cybercriminals use multi-brand combo kits to steal data

Flare, a leader in Threat Exposure Management, has released research titled The Phishing Kits Economy in Cybercrime Markets, which uncovered how modern phishing has evolved into a mature, service-driven underground economy.
Findings showed that combo kits, which are built to impersonate entire clusters of services in one deployment, are the engine of modern phishing. Flare found that 43.8% of entries leveraged these prepackaged sets of phishing tools and resources to scale, with one kit meaning many victims and many monetisation paths.
Based on analysis of more than 8,600 underground, Deep Web, Dark Web and messaging platform discussions, Flare’s report reveals how phishing kits and Phishing-as-a-Service (PhaaS) platforms are engineered for scale, speed and monetisation, allowing even low-skill actors to bypass multi-factor authentication (MFA), steal sessions and take over accounts with alarming efficiency.
The report shows that modern phishing operations are no longer constrained by geography, language or technical expertise. Kits are built in one region, sold in another and deployed globally, often within hours.
“Phishing often appears chaotic, but when campaigns are conducted at scale, they follow clear structures and economic incentives,” said Assaf Morag, Cybersecurity Researcher at Flare. “When you analyse enough activity, you can see which approaches consistently succeed, which ones fail and how attackers refine their operations over time, providing insights defenders can actually act on.”