The Cyber Security Longitudinal Survey (CSLS) helps us better understand cyber security policies and processes within medium and large businesses and high-income charities. It explores the links over time between these policies and processes and the likelihood and impact of a cyber incident. The survey is commissioned by The Department of Science, Innovation and Technology and aims to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online. This is the fourth research year (or wave) of a multi-year study. The fourth wave of fieldwork was carried out during 2024, with the report published on 6 February 2025. The core objectives of the study are to: explore how and why UK organisations are changing their cyber security profile and how they implement, measure, and improve their cyber defences.provide a more in-depth picture of larger organisations, covering topics that are lightly covered in the main Cyber Security Breaches Survey (also available from the UK Data Archive), such as corporate governance, supply chain risk management, internal and external reporting, cyber strategy, and cyber insurance.explore the effects of actions adopted by organisations to improve their cyber security on the likelihood and impact of a cyber incident. Further information and additional publications can be found on the GOV.UK Cyber Security Longitudinal Survey pages. Wave 1-3 data from the Cyber Security Longitudinal Survey can also be found on the UK Data Archive under SNs 8969, 9067 and 9284 respectively. The questionnaire covered the following topic areas:cyber profile of organisationscyber security policies and processes and any improvements made over the last 12 monthssupplier risksinfluencers of changes in policies and processesuse and forms of cyber insuranceboard engagement with cyber security use of information or guidance from the National Cyber Security Centre (NCSC) to inform approach to cyber securitycyber security incident prevalence, impact and costscyber security incident management