HASTINGS, UK. January 7th, 2026 – UK businesses endured another year of exceptionally high cyberattack activity in 2025, according to new analysis from business internet service provider Beaming.
On average, companies were targeted more than 791,600 times over the year, equating to just over 2,000 attacks every day. Although marginally below the record-breaking peaks seen in 2024, Beaming’s data shows that elevated cyber risk has now become the long-term norm for UK organisations.
The ‘Constant Fire’ Targeting Business Infrastructure
Beaming’s 2025 data shows that attackers are laser-focused on the systems that facilitate remote work and data storage, turning them into high-risk entry points for UK firms:
· The Ransomware Gateway: Remote desktop and VPN services saw sustained, automated probing throughout 2025. These are the primary targets for ransomware groups who use stolen credentials to infiltrate and encrypt corporate networks to cause total business lockout.
· Data Extortion Hubs: Databases remained a top priority for attackers seeking to exfiltrate sensitive customer records for extortion purposes. These breaches often lead to significant regulatory fines and long-term reputational damage.
· Unpatched Web Apps: Web applications experienced a surge in automated scanning, where bots hunt for unpatched vulnerabilities. These industrialised attacks can exploit weaknesses within seconds of a flaw being discovered.
· Supply Chain Lateral Risk: Attacks on third-party cloud services and supplier portals rose in 2025. This underlines how dependent businesses are on the security of their partners, as attackers use these portals to move laterally into partner networks.
China and USA lead the surge in industrialised cybercrime
China remained the largest source of malicious traffic in 2025, frequently exceeding 30,000 unique attacking IP addresses per month. However, Beaming’s latest analysis reveals that the USA has significantly narrowed the gap, now following more closely as a major source of attack infrastructure than in previous years. These two nations, alongside Brazil, India, and Russia, constitute the top five origins of cyber threats reaching UK businesses.
Beaming notes that this threat landscape is increasingly global and industrialised. Rather than relying on short-lived infrastructure, attackers are utilising large, well-maintained botnets that allow for a sustained and relentless volume of probing.
Sonia Blizzard, Managing Director of Beaming, said: “In 2025, we saw cyberattack activity move from sporadic peaks to a relentless baseline of over 2,000 probes per day. For business leaders, 2026 needs to be the year where cyber resilience stays firmly on the boardroom agenda. It is no longer just about defending the perimeter; it’s about ensuring your organisation can keep operating even when under constant fire.”
Beaming’s recommendations for 2026
To counter the sustained threat, Beaming advises UK organisations to:
- Reduce attack surface: Audit and secure all internet-facing services, removing or restricting unnecessary ports.
- Strengthen remote access: Enforce Multi-Factor Authentication (MFA) across every remote login and remove direct RDP exposure.
- Implement identity-first security: Adopt conditional access policies that factor in user location and device health.
- Build resilience: Maintain immutable backups and regularly test recovery processes.
- Assess supplier risk: Review the security controls of third-party vendors as part of routine governance.
ENDS