“Stronger Security Being Built By Adopting an Attacker’s Mindset”

London, 6 August 2025 – Cybersecurity has become a pressing issue in the UK as organisations face an ever-evolving threat landscape. With the rise of geopolitical tensions, cyber-focused organised crime, and hybrid conflict, attackers are becoming faster, more automated, and increasingly powered by artificial intelligence. This has rendered traditional defensive strategies, such as firewalls and vulnerability scans, less effective in protecting against cyber threats.

In light of these developments, cybersecurity expert Keith Poyser is urging organisations to adopt a more proactive and autonomous approach to security. Poyser stresses the importance of regular, attacker-style testing to uncover weaknesses early and prevent exploitation. He believes that this is a crucial element of a modern cybersecurity strategy, as part of a Continuous Threat Exposure Management (CTEM) approach.

Poyser, who serves as Vice President for EMEA at cybersecurity company Horizon3.ai, states that many organisations still rely on passive, defensive security measures. This leaves them uncertain about whether their systems would withstand a real attack. He emphasises the need for offensive security, which involves continuous testing to identify weaknesses before attackers do.

Horizon3.ai operates an offensive security platform called NodeZero, which offers 100% coverage and is 18 times faster than human testing. This platform allows organisations to conduct production-safe cyber attacks on their own IT infrastructure, known as penetration tests. This approach not only identifies vulnerabilities but also provides tailored recommendations for remediation.

The Escalating Cyber Threat Landscape

The recent surge in cyber incidents at multiple flagship retailers in the UK has served as a stark reminder that conventional approaches to cybersecurity are no longer sufficient. Many organisations claim to prioritise security, but few put their defences to the test. According to a recent report from cybersecurity company Bitsight, only one in five UK organisations rate their cyber risk management as “very mature.” The report also reveals that UK security professionals experience higher stress levels than their peers in other regions, highlighting the pressure of keeping pace with escalating threats.

Poyser believes that a shift in mindset is necessary to address these challenges. He states, “Defending passively does not instill lasting confidence. Organisations need to think like attackers, taking a proactive and measurable approach to security.” He further recommends techniques such as autonomous penetration testing, red teaming, and CTEM to reveal vulnerabilities and weaknesses, as well as test response plans and remediation efforts.

The Hidden Danger of False Confidence

Despite the increasing threat landscape, many organisations risk falling into a false sense of security. According to Horizon3.ai’s Cybersecurity Report UK 2024/25, nearly a quarter of the 150 organisations surveyed were unaware of any attacks in the past two years, and 8% claimed they had not been targeted at all. Poyser warns that such assumptions are dangerous, stating, “It’s unrealistic to believe that any organisation has been completely overlooked by threat actors for this long. The reality is that many attacks go undetected, and the consequences can be devastating.”

Pentesting Frequency Is the Key to Cyber Resilience

Horizon3.ai’s Cybersecurity Report UK 2024/25 also highlights the importance of regular penetration testing. While 60% of respondents reported carrying out pentests, only 13% have adopted automated platforms, which are considered essential for testing at the pace of today’s threat landscape. Poyser stresses that manual approaches, whether internal or external, tend to be resource-heavy and therefore less frequent. He states, “The issue isn’t just about cost; it’s about effectiveness. Automated testing allows companies to test more often and more thoroughly, which is critical when more than 560,000 new cyber threats are identified worldwide every day.”

Ultimately, cybersecurity testing is not just a technical exercise, but a cornerstone of business resilience. By embedding regular, proactive testing into their strategy, organisations can move forward with greater confidence, protecting both their operations and their reputation while ensuring they are well-prepared for the escalating challenges.

About Horizon3.ai and NodeZero

Horizon3.ai provides a cloud-based platform, NodeZero, enabling organisations and public authorities to simulate self-attacks on their IT infrastructure to assess their cyber resilience through penetration testing (pentesting). Thanks to its cloud model, the platform offers affordable, regular pentesting, making it accessible to mid-sized companies. Horizon3.ai continuously monitors the cybercrime landscape to ensure that newly discovered vulnerabilities are swiftly integrated into the cloud system. NodeZero not only identifies security flaws but also offers tailored recommendations for remediation. Through this platform, Horizon3.ai helps organisations meet rising regulatory demands for cyber resilience in Governance, Risk & Compliance (GRC), with guidelines recommending an internal self-attack at least once a week.

Trademark notice: NodeZero is a trademark of Horizon3.ai

Further information: Horizon3.AI Europe GmbH, Prielmayerstrasse 3, 80335 Munich, Web: www.horizon3.ai

Derick is an experienced reporter having held multiple senior roles for large publishers across Europe. Specialist subjects include small business and financial emerging markets.
