Q3 2025 Cyber Threat Report
With October marking Cyber Awareness Month, the latest data from Beaming reveals that UK businesses are facing a rapidly professionalising and diversifying cyber threat landscape.
High-profile incidents dominated the news agenda in Q3 2025, including major ransomware attacks that shut down parts of Jaguar Land Rover’s global operations and the successful infiltration of Collins Aerospace systems, which caused widespread delays at airports including London’s Heathrow. These events, alongside the alarming data theft and ransom demands targeting the Kido nursery chain, underscore that no organisation is immune to the risks of disruption, financial loss, and reputational damage.
Beaming’s latest analysis of cyberattack data shows UK businesses faced an average of 192,144 cyberattacks each in Q3 2025, an increase from the 184,411 attacks recorded in Q2 2025. This sustained, high-level volume of attacks confirms that elevated threat levels are the new normal.
Key insights to factor into cybersecurity strategies and budgets from Q3 2025 data
1. Attack volumes sustain elevated levels, highlighting RDP and VPN vulnerabilities
Beaming’s data confirms that attack volumes remain at a sustained, high level, with UK companies targeted on average more than 2,088 times per day in Q3, sustaining the rate observed in the previous quarter (approximately 2,026 times per day). Critically, Beaming’s analysis shows attackers continue to focus heavily on established methods like Remote Desktop Protocol (RDP) and VPNs to gain initial access. This sustained focus on perimeter infrastructure, combined with major Q3 incidents like the JLR attack, has highlighted the critical vulnerability of the supply chain and third-party suppliers.
Key takeaway: Businesses must prioritise securing remote access infrastructure and integrate supply chain risk management into their core cybersecurity strategy, requiring suppliers to meet baseline security standards.
2. Asia still shows the biggest threat but hackers are hiding in more places
Beaming’s analysis reveals that over 97% of attacks originated from outside the UK. The threat is still led by China, which remains the single largest source country. However, the trend of decentralisation and the widening spread of malicious addresses, likely powered by AI-assisted automation, continues to complicate traditional defences. Notably, the massive surge from India observed in Q2, which had increased by over 250 per cent from Q2 2024, maintained its elevated contribution throughout Q3, reinforcing the global nature of the threat landscape.
Key takeaway: Traditional IP blacklisting is no longer enough. Businesses should invest in behaviour-based threat detection and real-time threat intelligence to stay ahead of fast-moving cyber criminals who are using a wider array of global infrastructure.
3. VoIP and DNS are targeted business-critical applications
Beaming’s analysis highlights that attacks targeting business-critical applications remain high, focusing particularly on file sharing, web services, and remote-control tools. The rise in DNS attacks throughout the quarter highlights how attackers are probing for weaknesses in fundamental network services that underpin connectivity. The continued interest in VoIP, a trend likely driven by the ongoing ISDN switch-off and the rapid growth of cloud collaboration, was sustained throughout Q3. This shows attackers probe for weaknesses in under-protected or transitioning systems.
Key takeaway: Security at the application layer is non-negotiable. Businesses should invest in web filtering, DNS-layer protection, and vulnerability scanning. Beaming recommends Cisco Umbrella to support this.
4. Operational disruption becoming greatest threat
Companies need to be prepared for potential disruption caused by a breach, from simple data theft to large-scale operational disruption. This high-level finding has been shown in the major incidents of Q3, such as the JLR production shutdown and significant disruption to various large UK retailers. This can also be seen in a survey finding that 7% of businesses reported a significant increase in temporary loss of access to files or networks, up from 4% in 2024. (Source: GOV.UK Cyber Security Breaches Survey 2025). The move to targeting business continuity necessitates a higher-level strategic response.
Key takeaway: Cybersecurity is not a one-off investment, it’s a continuous process that must be overseen by the board. Business leaders should review budgets, training, and incident response plans with their suppliers to ensure they are suitable to protect against the current threat environment.
Sonia Blizzard, Managing Director of Beaming, said
“The sustained, elevated level of attacks is a clear signal that the cyber criminals will not let up and UK businesses cannot afford to be complacent. We urge organisations to assess their vulnerabilities, particularly around third-party and employee access, invest in robust defences, and stay informed. Our mission is to help businesses thrive securely in an increasingly hostile online environment.”
At Beaming, we believe that sharing this data helps businesses make the right decisions. Whether you’re reviewing your firewall policies, planning a VoIP rollout, or strengthening your supply chain, understanding the threat landscape is the first step toward resilience.