UK organisations continued to face intense levels of cyber threat throughout 2025, with new figures from business internet service provider Beaming revealing that attack volumes remain consistently high.
Beaming’s analysis shows that businesses were targeted an average of more than 791,600 times over the course of the year, equivalent to just over 2,000 cyberattacks every single day. While this figure sits slightly below the unprecedented highs recorded in 2024, the data indicates that elevated cyber risk is no longer an exception, but an ongoing reality for UK companies.
Persistent pressure on core business systems
Beaming’s 2025 findings highlight a strong focus by attackers on the digital infrastructure that underpins modern working practices and data management, creating persistent exposure for UK organisations:
- Ransomware entry points: Remote desktop services and VPNs were subjected to continuous automated testing throughout the year. These services remain prime targets for ransomware groups using compromised credentials to gain access and encrypt entire business networks.
- Data extraction targets: Databases continued to attract attackers seeking to steal sensitive customer information for extortion. Such incidents frequently result in regulatory penalties and long-lasting reputational harm.
- Vulnerable web platforms: Web applications saw increased levels of automated scanning as attackers searched for unpatched flaws. These large-scale attacks can exploit newly disclosed vulnerabilities within seconds.
- Supply chain exposure: Attacks involving third-party cloud platforms and supplier portals increased in 2025, demonstrating how weaknesses in partner systems can be leveraged to gain access to connected organisations.
China and the USA dominate sources of attack activity
China remained the most significant source of malicious traffic during 2025, regularly generating more than 30,000 unique attacking IP addresses each month. However, Beaming’s latest data shows that the USA has rapidly closed the gap and now represents a much larger share of attack infrastructure than in previous years. Alongside Brazil, India and Russia, these countries form the top five origins of cyber threats affecting UK businesses.
According to Beaming, cybercrime has become increasingly global and industrial in nature. Rather than using short-lived systems, attackers are relying on extensive, well-maintained botnets capable of sustaining constant probing over long periods.
Sonia Blizzard, Managing Director of Beaming, said: “In 2025, we saw cyberattack activity move from sporadic peaks to a relentless baseline of over 2,000 probes per day. For business leaders, 2026 needs to be the year where cyber resilience stays firmly on the boardroom agenda. It is no longer just about defending the perimeter; it’s about ensuring your organisation can keep operating even when under constant fire.”
Beaming’s recommendations for 2026
To counter the sustained threat, Beaming advises UK organisations to:
- Reduce attack surface: Audit and secure all internet-facing services, removing or restricting unnecessary ports.
- Strengthen remote access: Enforce Multi-Factor Authentication (MFA) across every remote login and remove direct RDP exposure.
- Implement identity-first security: Adopt conditional access policies that factor in user location and device health.
- Build resilience: Maintain immutable backups and regularly test recovery processes.
- Assess supplier risk: Review the security controls of third-party vendors as part of routine governance.
