Q2 2025 Cyber Threat Report
Find out what our latest report exposes about the evolving threat landscape
UK businesses faced an average of 184,411 cyberattacks each in Q2 2025, a slight increase from the previous quarter and a stark reminder that the threat landscape continues to intensify. While the volume of attacks remains high, the nature of these threats is shifting, becoming more distributed, more persistent, and more targeted.
Beaming’s latest analysis of cyberattack data from thousands of UK-based businesses reveals five key insights that IT and business leaders should factor into their cybersecurity strategies and budgets for the remainder of 2025.
Attack volumes are high and increasingly focused on remote access
In Q2, UK companies were targeted more than 2,000 times per day, on average. This marks a sustained period of elevated risk that has continued from late 2023 through mid-2025. Attackers continue to focus on Remote Desktop Protocol (RDP) and VPNs, but signs point to increasing interest in VoIP and DNS systems, likely influenced by the ongoing ISDN switch-off and rapid growth of cloud-based collaboration tools.
Key takeaway: Businesses must look beyond traditional firewalls. Remote access infrastructure and VoIP platforms should be securely deployed, routinely tested, and sourced from trusted suppliers with strong monitoring capabilities.
Threats are originating from more places and more IPs
Over 94% of attacks originated from outside the UK, with China remaining the single largest source. Notably, the biggest shift comes from India, which has seen a massive surge recently, increasing over 250 per cent from Q2 2024.
Key takeaway: Traditional IP blacklisting is no longer enough. Businesses should invest in behaviour-based threat detection and real-time threat intelligence to stay ahead of fast-moving cyber criminals.
The botnet is getting smarter
Analysis of attacker IPs reveals continued decentralisation, with a wider spread of malicious addresses observed across the quarter. This indicates a broader and more evasive threat model, likely powered by AI-assisted automation.
Key takeaway: Endpoint protection and anomaly detection are critical. Businesses should ensure that their cybersecurity includes machine learning-based defences capable of identifying unusual patterns across devices and users. Beaming recommends Cisco Secure Endpoint.
Business critical applications under threat
Attacks targeting business-critical applications, including file sharing, web services, and remote-control tools, remain high. In particular, web application attacks rose sharply in June, and DNS and VoIP traffic also rose mid-quarter, highlighting how attackers probe for weaknesses in under-protected or transitioning systems.
Key takeaway: Security at the application layer is non-negotiable. Businesses should invest in web filtering, DNS-layer protection, and vulnerability scanning. Beaming recommends Cisco Umbrella to support this.
Q3 2024 was a warning and Q2 2025 confirms it
The record-breaking number of attacks in Q3 2024 was not an anomaly. While 2025 hasn’t surpassed that peak, it confirmed that elevated threat levels are the norm. Attackers are adapting quickly, and businesses must do the same.
Key takeaway: Cybersecurity is not a one-off investment; it’s a continuous process. Business leaders should review budgets, training, and incident response plans with their suppliers to ensure they reflect today’s threat environment.
Summary
As UK organisations embrace digital transformation, their attack surface is widening. The latest data shows not just more attacks, but smarter and more distributed ones, aimed at business-critical systems.
“The digital world presents incredible opportunities, but it is not without significant risk,” said Sonia Blizzard, Managing Director of Beaming. “UK businesses cannot afford to be complacent. As trusted experts in business networks, we urge organisations to assess their vulnerabilities, invest in robust defences, and stay informed. Our mission is to help businesses thrive securely in an increasingly hostile online environment.”
At Beaming, we believe that sharing this data helps businesses make the right decisions. Whether you’re reviewing your firewall policies, planning a VoIP rollout, or preparing for the Windows 10 end-of-support deadline, understanding the threat landscape is the first step toward resilience.