Ransomware, Data Breaches and Resilience: A 2025 Outlook for Housing Associations

Cyber security is now a frontline concern for the UK housing sector.

Housing associations and public housing authorities are increasingly in the crosshairs of cyber criminals, driven by the high value of tenant data, the essential nature of housing services, and the limited resources many providers can dedicate to defending against advanced threats.

A Sector Under Pressure

Independent reporting suggests that around a quarter of UK housing associations experienced a cyber-attack in the past year. This continues a worrying trajectory:

  • In 2020, approximately 25% of social housing organisations reported being targeted.

  • By 2021, attacks were rising by almost 93% year on year.

  • Since then, high-profile incidents have affected Clarion Housing, Connexus, and Waverley Housing, each suffering significant disruption and, in Clarion’s case, financial operating losses estimated at over £17 million.

The Regulator of Social Housing’s 2023 Sector Risk Profile emphasised that ransomware and extortion attacks have grown significantly in recent years, with the digitisation of tenant services and widespread remote working leaving providers more exposed to phishing, malware, and unauthorised access. Alongside operational risks, boards are warned of reputational damage, regulatory penalties, and the erosion of tenant trust should data security fail.

Notable Cyber Attacks in the Housing Sector

Clarion Housing Association:

In June 2022, Clarion Housing Group, the UK’s largest housing association, serving around 350,000 residents across 125,000 homes, suffered a significant cyber incident that severely disrupted IT systems and phone lines. Tenants were unable to submit repairs, make rent enquiries, or access many core services. Clarion publicly acknowledged the disruption and urged residents to check its website for updates as systems were gradually restored. The incident left operations disrupted for several months, with the firm losing an estimated £17 million in operating surplus following the attack.

The incident sparked concern and frustration among residents and advocacy groups: Clarion’s communication delays led to confusion and a surge in phishing attempts targeting affected tenants, prompting the Social Housing Action Campaign to call for greater transparency and government intervention.

Connexus Housing:

In December 2023, Connexus Housing, which operates across Shropshire and Herefordshire, was struck by a cyber-security incident involving unauthorised access to its systems. Connexus swiftly took affected systems offline and notified the Information Commissioner’s Office (ICO) and the Regulator of Social Housing.

The association could not rule out that some customer data had been breached, and it warned customers and stakeholders to be vigilant for scam calls and phishing emails.

Hackney Council:

The risk to the housing sector is not confined to housing associations, however: local councils across the UK are also becoming targets for cyber criminals looking to steal tenant data.

In October 2020, Hackney Council fell victim to a major ransomware attack that encrypted approximately 440,000 files, crippling services for around 280,000 residents, including housing benefits, social care, and land charges. This disruption severely impacted vulnerable residents reliant on these essential social services.

An investigation by the Information Commissioner’s Office identified failures in patch management and security controls, including the existence of an unsecured dormant account, as critical contributing factors. The council incurred estimated recovery costs of around £10 million, and service restoration took many months.

The Evolving Threat Landscape

In 2025, ransomware and data extortion remain the most significant cyber threats to housing associations. Globally, the housing sector is viewed as a prime target because of:

  • Ransomware-as-a-Service (RaaS): Enabling criminal groups to scale attacks with relative ease.

  • Data Extortion Campaigns: Sensitive tenant records are stolen and leveraged for ransom even if systems are not encrypted.

  • Supply Chain Compromises: Attackers infiltrate providers via contractors, managed services, or software dependencies.

Attackers are incentivised by the high concentration of Personally Identifiable Information (PII) within housing systems and the operational pressure on providers to keep essential services running, which can create leverage for extortion.

New Government Measures

The UK government has announced plans to introduce a new ransomware regime that will directly affect housing associations, particularly those delivering public housing services. Measures include:

  • A targeted ban on ransom payments for public sector and Critical National Infrastructure (CNI).

  • A payment-prevention regime, increasing oversight and accountability.

  • Mandatory incident reporting, requiring organisations to disclose ransomware incidents within 72 hours.

While these steps aim to reduce criminal incentives and improve visibility, experts warn they may also encourage attackers to pivot towards pure data theft and supply chain attacks, where ransom payments are harder to regulate.

Sector Preparedness

Despite increasing awareness, preparedness remains a weak spot across the sector. The Phoenix/National Housing Federation’s State of Cyber Security in Housing 2023 report found:

This lack of resilience is compounded by legacy IT systems, patchy third-party oversight, and growing volumes of sensitive tenant data collected under new regulatory requirements such as the Transparency, Influence and Accountability Standard.

Building Resilience

To respond to these risks, organisations are encouraged to adopt sector-specific strategies. PureCyber and the National Housing Federation highlight a number of measures to strengthen resilience:

Tenant Data Protection - minimise retention, encrypt data, and tighten access controls.

Third-Party Controls - enforce multi-factor authentication, isolate vendor access, and include security requirements in contracts.

Ransomware Readiness - maintain offline and immutable backups, segment recovery environments, and rehearse breach scenarios.

Identity & Email Hardening - adopt phishing-resistant MFA, disable legacy authentication, and monitor suspicious logins.

Network Segmentation - separate operational systems such as BMS and CCTV from core IT, and patch internet-facing services promptly.

Legal & Reporting Readiness - prepare for the new ransomware regime by aligning incident response, data protection, and communications functions.

Certification & Culture - achieve Cyber Essentials, invest in continuous staff training, and adopt a Zero-Trust approach to network and data access.

Securing The Sector

The cyber threat landscape facing UK housing associations in 2025 is defined by both scale and complexity. With nearly one in four providers experiencing a cyber-attack annually, the risks can no longer be regarded as hypothetical. The growing professionalism of cyber criminals, combined with the sector’s reliance on sensitive tenant data and critical operational systems, makes the housing sector a prime target for disruption and extortion.

The government’s new ransomware measures may improve accountability and reduce the likelihood of ransom payments, but they also underline that attackers will not stop. Instead, they are likely to diversify their tactics, exploiting supply chains and expanding the scope of their attacks.

For boards, this means cyber risk must be treated as a core governance issue and taken seriously as a genuine risk to both the association and its tenants. A secure housing association is one that protects tenants, reassures regulators, and sustains service continuity in the face of attack. By investing in resilience, from Zero-Trust controls and ransomware readiness to staff training and supplier management, housing associations can shift from being passive targets to active defenders.

Ultimately, strong cyber resilience is not just about compliance. It is about protecting trust, safeguarding the dignity and privacy of tenants, and enabling housing providers to continue their mission without fear of disruption.

How Can PureCyber Help?

The PureCyber team are here to take over the burden of your cyber security and ensure your organisation’s data remains secure and well managed, with proactive monitoring and real-time threat intelligence, providing you with a comprehensive and reliable cyber department to support you in all aspects of your security efforts, including: 24/7 Security Operations Centre (SOC) services, Managed Detection & Response (MDR/EDR), Threat Exposure Management (TEM) & Brand Protection Services, and Penetration Testing.

PureCyber is recognised as an Assured Service Provider by the NCSC to offer governance and compliance consultancy services/audits. Contact our team of compliance experts to enquire about our full range of Governance Support - including Cyber Essentials, ISO 27001, FISMA, SOC1 and SOC2 standards.

Get in touch or book a demo for more information on our services and how we can safeguard your organisation with our expert cyber security solutions.

Email: info@purecyber.com Call: 0800 368 9397
