In today’s small and medium-sized UK businesses, most of the cybersecurity budget goes into protecting data and strengthening authentication. Those are important measures – the cost of a data breach is still enough to close your firm, after all.
But they aren’t enough.
Because in 2025, thanks to increased capabilities of DDoS attacks, you don’t have to lose your data to lose your business – you just have to lose access to it.
As CTO at Pulsant, I see how DDoS attackers try to disrupt ordinary businesses every week. I’ve watched as attacks evolved in recent years, becoming more sophisticated and dangerous. “Ransom DDoS” has become a threat SMEs should take seriously. The number of attacks has also increased – up by 81.7% since 2024, to 20.1 million attacks worldwide in Q1 2025.
I’ve also led the development of our DDoS Protect service, Pulsant’s response to the threat, which has stopped more than 150 DDoS attacks on our clients in just the past six months. The average attack we halt pumps out 1.7 Gb of bad traffic per second.
I’d understand if you’re sighing right now. “Yet another IT risk to think about.” The cybersecurity conversation never seems to end – nor do the costs.
But this is one of those IT risks where a small change can make all the difference.
Let’s discuss what British SMEs can do to protect against DDoS and loss of availability, without adding IT burden or significant cost to your current strategy.
DDoS steals your ability to operate, not your data
For those new to the topic, DDoS stands for Distributed Denial of Service. It’s where attackers flood your network with so much fake traffic that genuine users can’t get through.
Nothing is stolen, but your business grinds to a halt.
To be effective, the size of the DDoS flood simply needs to be greater than the capacity of your internet connection. Once the pipe is full, legitimate traffic can’t get through. And in-house defences, such as firewalls, are helpless.
Attacks larger than 500 Gbps or even 1 Tbps – easily enough to overwhelm SMEs – grew significantly in 2024, according to Cloudflare.
What’s changed in DDoS attack behaviour
But are attackers really targeting your business?
Recent headlines about huge, hyper-volumetric events can make it seem like a big business problem. May 2025 saw the biggest ever DDoS attack, at 7.3 Tbps.
It’s not all about size, though. Attacks are becoming more sophisticated, often combining methods like network-layer SYN floods (where the network is overwhelmed by initial connection requests) and ESP reflection/amplification (where vulnerable systems are targeted). They’re also using AI automation to orchestrate and amplify attacks.
While DDoS began as a kind of nuisance prank method in the 1990s, today it’s being used by cybercriminals in dangerous ways:
- Ransom DDoS attacks demand money in anonymous cryptocurrency, or the attacks continue.
- Traditional ransomware attackers may use DDoS to distract your IT staff, while they deliver the main assault.
- State-sponsored attackers from other nations seek to disrupt and damage businesses of all sizes.
So the answer is yes, you’re being targeted. Ransom DDoS attacks, for example, increased by 6% from Q1 2025 to Q2 2025 according to Cloudflare.
The cost of ignoring availability
There are real and immediate costs to being hit by a DDoS attack:
- Customers can’t buy from you or use your services.
- Your employees are locked out of systems they need to do their jobs.
- You lose money for every sale you can’t make, every disappointed customer who never returns, and every hour you pay employees who can’t get any work done.
The cyber insurance market reflects this. Premiums are going up. Businesses who’ve put modern protections in place are 92% less likely to need to claim, according to the National Cyber Security Centre.
Rethinking what cybersecurity means
If you’ve invested in cybersecurity that protects your data, but your uptime is still exposed, these risks are too big to ignore.
I believe it’s time to broaden what we mean by cybersecurity.
For years, it’s been about data: stopping breaches, encrypting information, tightening authentication.
But today, access is just as critical. If customers and employees can’t reach your systems, data protections don’t matter. Availability must become a core layer of security.
Protecting availability the smart way
Availability then needs to be protected in the same way as data – intelligently, without slowing your business down.
That’s the approach we’ve taken at Pulsant. Our technical team has poured everything into developing the right answer for UK businesses. The result is DDoS Protect, a managed service that:
- Detects attacks automatically, before they reach your systems.
- Reroutes traffic through a UK scrubbing facility, mitigating attacks minimising the impact to your IT performance and network latency.
- Handles large-scale attacks so your business can continue uninterrupted, whatever comes your way.
It’s a small change for our clients. You can add DDoS Protect to your existing services, and there’s nothing else to do. There’s no deployment work or extra tasks for IT staff.
Closing the gap
Cybersecurity used to mean protecting data. That still matters. But today, the evolving DDoS threat makes availability just as critical.
DDoS attacks don’t steal information, but their impact is just as bad – they stop your business from functioning.
Resilience now means defending against both breaches and disruption. Thankfully, that doesn’t have to mean a whole new strategy, or huge costs.
