Securing the UK’s digital future: democratising DDoS defence

Resilience through access

The UK is at a pinch point in the journey towards a more cyber resilient future, with threats changing face and tactic by the day; private and public sector organisations are struggling to adapt and protect.

However, the urgency couldn’t be clearer. The National Cyber Security Centre has revealed that the UK experiences four nationally significant cyber incidents every week – all of which pose a major threat to the economy and public infrastructure. [1]And it’s no wonder. The explosion of digital innovation in the last decade has opened up unparalleled opportunity, but has also increased the attack surface, giving cyber criminals the platform to stage nationally catastrophic cyber-attacks.

But a silent assassin amongst UK threats are Distributed Denial of Service (DDoS) attacks. These attacks are a national concern, not just a corporate one, with the potential to knock out access to essential public digital services, and private platforms alike. That has material impact on the economy, the citizen experience and industry integrity – with the potential to disrupt worldwide supply chains, such as the effects seen after the Jaguar Land Rover attack.

Globally, DDoS incidents have grown in attack volume by more than 350%, with more attacks recorded in h1 of 2025 than all of 2024[2]. This explosion opens a question of whether existing security measures are adequate, and how technological advancements offer protection against both the growing scale and volume of DDoS attacks from bad actors.

 To protect basic infrastructure from such threats, policy, inclusion, and innovation need to be at the forefront of this conversation.

Evolving face of DDoS attacks

One-off, high-volume events designed to knock over systems for a prolonged period have evolved into multi-vector campaigns that are:

• Harder to detect
• Harder to mitigate
• Easier than ever to stage

One evolving case study that we are seeing is the rise of the Botnet Aisuru.

The access to AI generated ambushes has made it easier for bad actors to stage destructive attacks like the Aisuru botnet. With automated reconnaissance resulting in faster detection of network weaknesses, it’s now possible to generate adaptive attack patterns to shift and evade detection in real-time.

That means not only has the technicality of DDoS attacks shifted, but the faces behind them. Threat actors are now not only advanced cyber criminals, but they can also be disgruntled customers, students, and amateur hacktivist groups.

Compounding this are attacks that are outpacing traditional centralised defences that rely on ‘known’ attacks. Now, Zero-Day attacks, carpet bombing and b0t-net staged attacks are making it difficult for organisations to keep up. And that is the best-case scenario. In some cases, DDoS attacks mask devastating ransomware attacks that have the potential to knock out critical national infrastructure or entire business supply chains.

The result: shared exposure across the UK’s entire digital ecosystem. SMEs, councils, and public bodies are now facing the same complex DDoS threats as multinational enterprises.

The old mode no longer works

For too long, effective DDoS mitigation has been a privilege, not a standard. Traditional solutions have been complex to deploy, costly to maintain, and prone to performance trade-offs - leaving many smaller businesses and public sector organisations exposed.

Schools, councils, and SMEs have often faced an impossible choice: protect their networks at unsustainable cost, or accept a level of risk that would never be tolerated by larger enterprises.

In today’s threat environment, that model is untenable.

This inequality in access to protection doesn’t just endanger individual companies - it creates systemic vulnerability across the UK’s connected economy, where disruption to a single user cascades through entire supply chains and essential services.

Democratising DDoS protection at the edge

A new generation of distributed, edge-based security models is changing how organisations defend themselves. By using advanced machine learning, these systems can identify and mitigate malicious traffic closer to its source, before it ever reaches the target.

Unlike traditional, centralised scrubbing approaches, edge intelligence solutions scale equitably - providing rapid, automated protection for organisations of every size, without the latency or cost once associated with advanced defence.

This marks a fundamental shift in mindset: from reactive, isolated protection to proactive, collaborative defence that strengthens the UK’s digital ecosystem. It is a transformation enabled by industry partnerships, open innovation, and advances in AI-driven detection, making enterprise-grade protection a shared capability, not a luxury.

Ultimately, it closes a chapter on latency-riddled scrubbing centres with metallic tiering that forces organisations to compromise.

A Shared Responsibility for a Secure Digital Economy

Cyber resilience is essential for critical national infrastructure, underpinning every part of the UK’s connected economy. Democratised access to advanced protection ensures that local authorities, public services, and businesses can continue to operate confidently, even as attacks grow in scale and sophistication.

[1] ‘NCSC Publish Annual Review 2025 - Comms Council UK’ (2025)

[2] ‘CloudFlare (2025)’

---

Cyber Resilience Programme activities

techUK brings together key players across the cyber security sector to promote leading-edge UK capabilities, build networks and grow the sector. techUK members have the opportunity to network, share ideas and collaborate, enabling the industry as a whole to address common challenges and opportunities together. Visit the programme page here.

What are the key areas of focus of government’s Cyber Security and Resilience Bill?

The measures set out in the Cyber Security and Resilience (Network and Information Systems) Bill, as Minister Narayan’s Written Statement states, ‘respond to the threat we face – protecting the public at home, putting national security first, and making the UK a safe and confident place to do business’.

Read the overview

Event round-up: Cyber Innovation Den 2025

Catch up on all the highlights from techUK's flagship cyber event and the seventh annual Cyber Innovation Pitching Competition.

Find out who the winner was!

 

Upcoming events

22 January 2026

Telecoms Security Act: Industry Sessions - January 2026

Online Meeting

29 January 2026

How can business position themselves to break into the fastest growing sectors in the UK?

London Forum

16 December 2025

Defra ADMS dynamic webinar

Online Webinar

Latest news and insights 

16 Dec 2025

Securing the UK’s digital future: democratising DDoS defence

12 Dec 2025

Cloud: a key digital enabler and part of our critical national infrastructure

10 Dec 2025

Building trust in the age of AI: a blueprint for public service innovation

Learn more and get involved

 

Cyber Resilience updates

Sign-up to get the latest updates and opportunities from our Cyber Resilience programme.

 

 

Here are the five reasons to join the Cyber Security programme

Download

Join techUK groups

techUK members can get involved in our work by joining our groups, and stay up to date with the latest meetings and opportunities in the programme.

Learn more

 

Become a techUK member

Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.

Learn more

 Meet the team 

Jill Broom

Head of Cyber Resilience, techUK

Jill leads the techUK Cyber Resilience programme, having originally joined techUK in October 2020 as a Programme Manager for the Cyber and Central Government programmes. She is responsible for managing techUK's work across the cyber security ecosystem, bringing industry together with key stakeholders across the public and private sectors. Jill also provides the industry secretariat for the Cyber Growth Partnership, the industry and government conduit for supporting the growth of the sector. A key focus of her work is to strengthen the public–private partnership across cyber to support further development of UK cyber security and resilience policy.

Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.

Email:

[email protected]

Website:

www.techuk.org/

LinkedIn:

https://www.linkedin.com/in/jill-broom-19aa824

Read lessmore

Annie Collings

Programme Manager, Cyber Resilience, techUK

Annie is the Programme Manager for Cyber Resilience at techUK. She first joined as the Programme Manager for Cyber Security and Central Government in September 2023. 

In her role, Annie supports the Cyber Security SME Forum, engaging regularly with key government and industry stakeholders to advance the growth and development of SMEs in the cyber sector. Annie also coordinates events, engages with policy makers and represents techUK at a number of cyber security events.

Before joining techUK, Annie was an Account Manager at a specialist healthcare agency, where she provided public affairs support to a wide range of medical technology clients. She also gained experience as an intern in both an MP’s constituency office and with the Association of Independent Professionals and the Self-Employed. Annie holds a degree in International Relations from Nottingham Trent University.

Email:

[email protected]

Twitter:

anniecollings24

LinkedIn:

https://www.linkedin.com/in/annie-collings-270150158/

Read lessmore

Olivia Staples

Junior Programme Manager - Cyber Resilience, techUK

Olivia Staples joined techUK in May 2025 as a Junior Programme Manager in the Cyber Resilience team.

She supports the programs mission to promote cyber resilience by engaging key commercial and government stakeholders to shape the cyber resilience policy towards increased security and industry growth. Olivia assists in member engagement, event facilitation and communications support.

Before joining techUK, Olivia gained experience in research, advocacy, and strategic communications across several international organisations. At the Munich Security Conference, she supported stakeholder engagement and contributed to strategic communications. She also worked closely with local and national government stakeholders in Spain and Italy, where she was involved in policy monitoring and advocacy for both public and private sector clients.

Olivia holds an MSc in Political Science (Comparative Politics and Conflict Studies) from the London School of Economics (LSE) and a BA in Spanish and Latin American Studies from University College London (UCL).

Outside of tech, Olivia enjoys volunteering with local charities and learning Norwegian.

Email:

[email protected]

Read lessmore

Fran Richiusa

Programme Team Assistant for Public Sector Markets, techUK

Fran serves as the Programme Team Assistant within techUK’s Public Sector Market Programmes, where she is responsible for delivering comprehensive team support, managing administrative functions, and fostering strong relationships with members.

Prior to joining techUK in May 2025, Fran built a meaningful career in the charitable and local government sectors. She worked extensively with both victims and perpetrators of crime, and notably led the coordination of Domestic Homicide Reviews across Surrey—an initiative aimed at identifying lessons and preventing future incidents of domestic abuse.

Outside of work, Fran is an avid traveller and a proud cat mum who enjoys unwinding with her feline companions.

 

Email:

[email protected]

Website:

www.techuk.org/

LinkedIn:

https://www.linkedin.com/in/francesca-richiusa/

Read lessmore

 

 

 

Authors

Pete England

Product Director, ITS