Skip to main contentSkip to footer
Skip to content 
“In 2026, if your organisation is online, it’s on the radar.”
We are witnessing an unprecedented wave of cyberattacks across the UK. In just the first quarter of 2025, ransomware incidents rose by 30%, knocking hospitals offline and compromising millions of customer records. From the NHS to major high street banks, nobody is immune, and most businesses simply aren’t prepared. We sat down with Mr Farooq Zafar, veteran IT Cybersecurity Consultant working alongside Fortray, to cut through the jargon and get straight to what’s happening, why it matters, and exactly what organisations can do next.
Q1: Farooq, it feels like every week brings a fresh breach headline. What’s driving this surge?
Farooq Zafar: It really is relentless. On top of that 30% spike in ransomware in Q1, we have seen attackers use AI-powered phishing kits and exploit unpatched legacy systems. They are well funded, organised, and treating cybercrime as a 24/7 business. If you have not modernised your defences in the last 12 months, you are almost certainly behind.
Q2: Many SMEs assume they’re too small to be targeted. Is that a fair assumption?
Farooq Zafar: Not at all, actually. That is a big myth. Small businesses get targeted all the time. I mean, last year, the NCSC said something like 63% of UK SMEs reported a cyber incident. That is more than half. The thing is, hackers know smaller companies usually do not have strong defences. Fewer tools, fewer people. But the data is still valuable. So yeah, they go after them. That is why at Fortray, we have kept our detection and response services affordable, so even if you are not a big enterprise, you can still get proper, solid protection.
Q3: The British Airways loyalty breach affected over 1.2 million customers. What went wrong in cybersecurity?
Farooq Zafar: Yeah, that one was big. From what is publicly known, it came down to exposed APIs, weak access controls… and I believe some of the data was not even encrypted at rest, which is a basic. But you know, this kind of thing highlights a bigger issue. Everyone is rushing into digital transformation, new platforms, and tools, but no one is pausing to secure the basics. We at Fortray always say: secure faster than you deploy. Because once you are live, you’re also visible to the attackers.
Q4: Phishing is still the top attack vector. Why haven’t we beaten it yet?
Farooq Zafar: Honestly? Because people are still the weakest link. Over 90% of breaches still start with a phishing email, and now, with AI, the emails look very realistic. Even trained IT guys sometimes get caught off guard. That’s why we do not merely throw tools at the problem. At Fortray, we do phishing simulations, hands-on training, to get people thinking before they click. It is about building that everyday awareness across the board.
