Policy Monitor

Know and manage your vulnerabilities

Research from ISP Beaming highlights that last year was the worst on record for cyberattacks on UK businesses. Nick Denning, our CEO, discusses the latest insights into business vulnerabilities and steps you can take to protect your company.

The worst year for cyberattacks
UK businesses faced a new online threat every 42 seconds in 2024, making it the worst year for cyberattacks on UK businesses and beating the previous “winner”, 2023. The level of attacks increased by 4% over 2023, according to research from Internet Service Provider Beaming.

The threat level from cyberattacks and the cost of breaches are only going in one direction, whether those threats come from individual bedroom hackers, disaffected employees, organised criminal gangs, rogue states or a combination of all four. In 2025 UK businesses continue to be vulnerable to attack because they are failing to follow cyber security best practices.

Focus on the threat surface
The threat surface includes all areas where a system or network could be vulnerable to attack. This includes software, hardware, network configurations and even human factors. Over recent years organisations’ threat surfaces have expanded with the increase in connected devices, as the spread of the IoT (Internet of Things) expands vulnerabilities.

The SME advantage
The good news is that SMEs by their nature are likely to have a smaller attack surface. It is therefore potentially easier for an SME to assess risks and to take an inventory of the assets that need protecting and how they may be vulnerable. However, if a business does not have even the basic skills and the right technology in place to access this type of information, it can leave huge gaps in its defences, or lead it to invest in the wrong kind of security.

Businesses of all sizes are in danger of making their IT infrastructure and networks more vulnerable by not encrypting the data moving through their networks, failing to isolate this traffic from the public internet, and not monitoring those networks for malicious activity.

Just as companies need a register of physical assets for accounting and maintenance purposes, they also need an inventory of all IT assets and network connections, as these make up the attack surface of an organisation.

Cyber Essentials and Policy Monitor can help

The NCSC’s Cyber Essentials Readiness Tool is a good starting point when evaluating your organisation’s vulnerabilities. Assessments must cover the whole of the IT infrastructure used to perform the business of an organisation. All devices and software that meet any of these conditions should be included:

• can accept incoming network connections from untrusted Internet-connected hosts
• can establish user-initiated outbound connections to devices via the Internet
• control the flow of data between any of the above devices and the Internet.

You will need to create a register of physical IT assets, which you may already have, and add to it intangible assets like databases and software, plus employee equipment used for home working or in a BYOD context, and IoT devices. This complete asset register will help you assess your vulnerabilities.

Policy Monitor’s CSPM solution can help you build a comprehensive IT asset register and then ensure you put in place the policies and processes that meet industry standards to reduce vulnerabilities and minimise increasing cyber threats. We have the experience and expertise to deliver the advice and the technology solutions you need as threats increase across an expanded surface, including at-risk networks.

Nick Denning is the founder and CEO of Policy Monitor.

Further reading:

• Beaming ISP – The 2024 Cyber Threat Report