Skip to main content
SecurityXP

Cloudflare proudly joins the UK government's Cyber Resilience Pledge Cybercrime

· 3 min read · SecurityXP

Key Facts

  • This trend is consistent with broader data from the UK Cyber Security Breaches Survey, which revealed that 43% of surveyed British businesses and 28% of charities reported suffering from a cyber incident this past year.
  • We are grateful that DSIT's toolkit and resources are available to benchmark, reinforce, and support boards' ongoing governance efforts across the entire UK economy.
  • These practices help ensure that Cloudflare's critical supply chain undergoes stringent security vetting, meeting the risk-reduction outcomes intended by Cyber Essentials.
  • Most breaches still exploit well-understood gaps, like unpatched systems, weak access controls, or poor vendor oversight.
  • The network is the sensor Because Cloudflare directly peers with more than 13,000 networks globally, we see attack patterns as they emerge.
  • They designed systems to "fail small," and built new tooling to enforce safer configuration changes and automate best practices, so the same failure can't happen twice.
  • At the end of 2025, Cloudflare data showed that the UK had risen to be the sixth-most targeted location across the globe for DDoS attacks, with threat actors increasingly targeting application-layer services in financial services, aviation, and regional government infrastructure.
  • At the same time, frontier AI models are rapidly changing the security landscape, lowering the barrier to entry for attackers, and enabling more automated vulnerability scanning and more convincing phishing campaigns.
  • Cloudflare is fully aligned with the UK government's mission to elevate cybersecurity governance within companies and organizations of all sizes.
  • How Cloudflare helps strengthen resilience through security Thanks to the scale of our network, we can help organizations build resilience by shifting protection closer to the edge, before threats reach core systems.

This trend is consistent with broader data from the UK Cyber Security Breaches Survey, which revealed that 43% of surveyed British businesses and 28% of charities reported suffering from a cyber incident this past year. We are grateful that DSIT’s toolkit and resources are available to benchmark, reinforce, and support boards’ ongoing governance efforts across the entire UK economy.

The Criminal Operation

These practices help ensure that Cloudflare’s critical supply chain undergoes stringent security vetting, meeting the risk-reduction outcomes intended by Cyber Essentials.

Further details indicate that most breaches still exploit well-understood gaps, like unpatched systems, weak access controls, or poor vendor oversight.

The network is the sensor Because Cloudflare directly peers with more than 13,000 networks globally, we see attack patterns as they emerge.

They designed systems to “fail small,” and built new tooling to enforce safer configuration changes and automate best practices, so the same failure can’t happen twice.

Victims & Losses

Today, the UK government launched the Cyber Resilience Pledge: a voluntary framework inviting organizations to commit to foundational cybersecurity governance, board-level accountability, and thorough cybersecurity coverage across supply chains. At the end of 2025, Cloudflare data showed that the UK had risen to be the sixth-most targeted location across the globe for DDoS attacks, with threat actors increasingly targeting application-layer services in financial services, aviation, and regional government infrastructure. It asks organizations to make cyber resilience a leadership-level priority, to implement appropriate controls to boost threat awareness, and to help ensure supply chains meet a meaningful security baseline.

At the end of 2025, Cloudflare data showed that the UK had risen to be the sixth-most targeted location across the globe for DDoS attacks, with threat actors increasingly targeting application-layer services in financial services, aviation, and regional government infrastructure.

Cloudflare is fully aligned with the UK government’s mission to elevate cybersecurity governance within companies and organizations of all sizes.

How Cloudflare helps strengthen resilience through security Thanks to the scale of our network, we can help organizations build resilience by shifting protection closer to the edge, before threats reach core systems.

Protection Steps

  1. In the first quarter of 2026, Cloudflare’s global network blocked an average of 234 billion cyber threats every day.

  2. Recently, we mitigated a hyper-volumetric DDoS attack that peaked at 31.4 Tbps.

  3. Most breaches still exploit well-understood gaps, like unpatched systems, weak access controls, or poor vendor oversight.

  4. These frameworks explicitly require the implementation of firewalls, secure configurations, user access controls, malware protection, and patch management (the five core pillars of Cyber Essentials).

Analysis

Misconfigurations and patching gaps in cloud environments remain a persistent vector for unauthorized access.

Security teams should monitor vendor advisories and threat intelligence sources closely for additional context or updates. Organizations with mature security programs are advised to incorporate this intelligence into their regular risk assessments and prioritize response activities based on exposure and asset criticality. For environments where immediate remediation is not feasible, compensating controls such as network segmentation, enhanced monitoring, and access restrictions should be evaluated. Security leadership should communicate relevant details to operational teams and ensure that incident response capabilities are prepared if exploitation is observed in the wild.

Sources

  1. https://blog.cloudflare.com/cloudflare-joins-uk-cyber-resilience-pledge/

Sources & References

S SecurityXP
SecurityXP Cybersecurity News & Analysis

SecurityXP delivers daily cybersecurity news, vulnerability analysis, data breach reports, and threat intelligence.

Security Digest

Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.

Related Articles