SonicWall has released its UK cyber threat data from 2025, revealing that the number of UK organisations successfully compromised rose by 20 per cent, even as overall ransomware volume fell by 87 per cent. SonicWall’s data stems from measuring network-perimeter detections which are threats identified and blocked by SonicWall firewalls at the point of delivery.
The findings point to a potential move away from high-volume ‘spray-and-pray’ ransomware campaigns toward more targeted, human-operated ‘big game hunting’ attacks designed to maximise impact against fewer victims.
According to SonicWall, smaller organisations are more likely to be targeted by ransomware:
-
Ransomware was present in 88 per cent of SMB breaches
-
Compared to 39 per cent at large enterprises, underscoring how attackers continue to exploit less mature security environments
-
England absorbed 96.7 per cent of all UK ransomware hits, reflecting the heavy concentration of targets in London and the South East
Experts at SonicWall pinpointed the issue to outdated infrastructure compounding the problem, fuelling what it describes as a growing “Zombie Tech” crisis. A single decade-old vulnerability in widely deployed Hikvision IP cameras accounted for 67 million attack attempts in the UK, more than 20 per cent of all serious intrusion activity observed. Hikvision is the world’s largest CCTV / video‑surveillance equipment supplier by revenue and unit share in recent years.
While 80 per cent of IT leaders believe they can detect a breach within eight hours, the data shows attackers remain undetected for an average of 181 days. More broadly, automated threats continue to scale rapidly. Bots are now generating 36,000 scans per second, while AI-enabled attacks increased by 89 per cent in 2025, highlighting how adversaries are combining automation with precision targeting.
“The UK data for 2025 highlights ransomware is evolving into Big Game Hunting,” said Spencer Starkey, Executive VP, EMEA, SonicWall. “On the surface, the 87 per cent drop in overall attack volume might look like progress, but the reality is more alarming. More organisations are being successfully hit, and attackers are doing it with far greater precision. Meanwhile, Zombie Tech continues to haunt UK networks. We’re seeing millions of attacks tied to a single long-known vulnerability, alongside continued exploitation of issues first disclosed more than a decade ago. Threats are becoming more sophisticated at the top end, while remaining highly exploitable at the base and organisations must address both.”
