2024 was a record year for commercial cyber attacks
China-backed attacks on IoT systems helped keep numbers high


2024 was the worst ever for commercial cyber attacks in the UK, new research suggests, with remote IoT devices attracting the most attacks.
During 2024, UK firms each experienced an average of more than 753,341 malicious attempts to breach their online and IT systems, according to analysis by specialist business ISP Beaming.
That was 4% higher than in 2023 - itself a record year - making last year the worst ever for attempted cyber attacks, with businesses encountering a new online threat every 42 seconds.
Before 2024, the average number of attacks in a single quarter had only exceeded 2,000 in Q4 2023.
"The rise of automated cyber attacks means the internet has never been more dangerous, and we expect it will become even more so as hackers use AI," said Beaming managing director Sonia Blizzard.
"The good news is that we are not seeing record numbers of companies crippled by hackers because businesses have got better at protecting themselves."
The most frequent targets last year were remotely-controlled IoT devices, with more than 161 daily attacks targeting applications such as building control systems, security cameras, networked printers, remote monitoring, and industrial automation systems.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Web applications, remote desktop software, and company databases were also frequently targeted, with businesses typically attracting more than 20 individual attacks daily for each of these systems in 2024.
Beaming identified more than a million IP addresses being used to launch cyber attacks on UK businesses - and traced more than a quarter of those to locations in China.
It also found significant and increasing volumes of cyber attacks that appeared to come from areas inside India - 87,144 attacking IP addresses - and the US, where there were 81,112.
The big rise in attacks on IoT devices may be explained in part by the activities of Flax Typhoon, a Chinese state-sponsored cyber group that has been active since at least 2021.
RELATED WHITEPAPER
Last September, the FBI successfully took down a botnet created by the group that consisted of more than 200,000 devices around the world, including small-office/home-office routers, internet protocol cameras, digital video recorders, and network-attached storage (NAS) devices.
IoT security has been a recurring talking point in the cybersecurity industry in recent years, with a survey from Viakoo last year finding that half of IT leaders thought IoT was the weakest point of their security apparatus.
Similarly, last summer Verizon Business found that while virtually all critical infrastructure organizations had some degree of IoT device adoption, almost half had experienced a major impact due to a compromised IoT device.
"A lack of industry-wide security standards for IoT devices and their communication protocols increases security risks, as does having many devices installed in remote locations where they may be vulnerable to physical tampering," said the firm.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Cyber espionage group laid low in National Guard network for nearly a year
News The announcement marks the second major Salt Typhoon incident in the space of two years
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?
News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Simplifying Password Management eBook
Whitepaper
-
Living off the Land eBook
Whitepaper
-
The Public Sector's Guide to Privilege and Password Management
Whitepaper
-
Zero Standing Privilege: Automating Cybersecurity Without Disrupting Productivity
Whitepaper
-
‘The worst thing an employee could do’: Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problem
News More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
A sneaky cyber espionage campaign is exploiting IoT devices and home office routers – here's what you need to know
News Researchers at SecurityScorecard have issued a warning about a new China-linked threat campaign, dubbed 'LapDogs', targeting IoT devices and home routers.
-
Government cybersecurity action plan includes £16 million in funding
News Cash will go to help startups, scale-ups, and university spinouts, while a new advisory group will aim to improve public sector cybersecurity
-
European Commission calls for cyber security proposals
News With a special focus on healthcare, the Commission is looking to allocate €145.5 million