UK cybercriminals shift to targeted attacks on small firms

SonicWall research shows UK cybercriminals moved in 2025 from high-volume ‘spray-and-pray’ campaigns to targeted ‘big game hunting’. The firm recorded a 20% rise in compromised organizations in the UK while overall ransomware volume fell 87%.

Attackers focused on fewer victims with weaker or outdated security to seek greater impact. SonicWall’s UK data shows a sharp divergence between total ransomware incident volume and the success rate of targeted breaches.

Smaller businesses were hit more often. Ransomware played a role in 88% of breaches affecting small and medium-sized businesses (SMBs), compared with 39% of incidents at larger enterprises.

SonicWall identified outdated or unsupported devices and software, often described as ‘zombie tech’, as a frequent factor in breaches. A decade-old vulnerability in Hikvision IP cameras was linked to about 67 million attempted attacks in the UK last year, roughly 20% of intrusion activity observed by the firm.

Automated and AI-enabled activity rose during 2025. SonicWall reported an 89% increase in AI-enabled attacks and said bots now generate about 36,000 scans per second across the web to locate vulnerable systems.

The report also highlighted a detection gap. Around 80% of IT leaders said they believe their organization can detect a breach within eight hours, but SonicWall’s data indicates attackers can remain undetected for an average of about 181 days.

Spencer Starkey, executive vice president for EMEA at SonicWall, warned, ‘On the surface, the 87% drop in overall attack volume might look like progress, but the reality is more alarming. More organizations are being successfully hit, and attackers are doing it with far greater precision.’ He added that ‘Zombie Tech continues to haunt UK networks.’

SonicWall noted that addressing outdated devices and improving detection capabilities could reduce the number of successful breaches.