UK breaches rise as ransomware falls

UK ransomware fell sharply, but successful breaches still increased overall. SonicWall’s latest figures suggest attackers are pursuing fewer, higher-damage targets while long-standing vulnerabilities continue to expose organisations.


SonicWall has released its UK cyber threat data for 2025, reporting that the number of organisations successfully compromised rose by 20% even as overall ransomware volume fell by 87%. The figures point to a narrower, more selective threat environment in which fewer attacks are being launched, but more are landing.

SonicWall said the data comes from network-perimeter detections, measuring threats identified and blocked by its firewalls at the point of delivery. The company said ransomware was present in 88% of breaches involving small and mid-sized businesses, compared with 39% of breaches at large enterprises. England accounted for 96.7% of all UK ransomware hits, reflecting the concentration of likely targets in London and the South East.

The company linked a large share of serious intrusion activity to ageing infrastructure. According to SonicWall, a single decade-old vulnerability in widely deployed Hikvision IP cameras accounted for 67 million attack attempts in the UK, representing more than 20% of all serious intrusion activity observed. SonicWall described the pattern as part of a growing “Zombie Tech” problem, with long-known weaknesses in older systems continuing to provide attackers with an accessible route into networks.

“The UK data for 2025 highlights ransomware is evolving into Big Game Hunting,” said Spencer Starkey, Executive VP, EMEA at SonicWall. “On the surface, the 87% drop in overall attack volume might look like progress, but the reality is more alarming. More organisations are being successfully hit, and attackers are doing it with far greater precision. Meanwhile, Zombie Tech continues to haunt UK networks. We’re seeing millions of attacks tied to a single long-known vulnerability, alongside continued exploitation of issues first disclosed more than a decade ago. Threats are becoming more sophisticated at the top end, while remaining highly exploitable at the base and organisations must address both.”

SonicWall also reported that bots are now generating 36,000 scans per second, while AI-enabled attacks increased by 89% in 2025. The company said 80% of IT leaders believe they can detect a breach within eight hours, but attackers remain undetected for an average of 181 days. The full cyber threat report is available on SonicWall’s website.


