The Rise in Demand For The Cyber Incident Baseline Assessment
Businesses shift from static testing to holistic, ecosystem-wide cyber risk analysis amid growing threats and regulatory pressure
LONDON, UK, 9 April, 2026 - Acora reports a rise in the demand for its Cyber Incident Baseline Assessment, an assessment designed to analyse cyber risk and the impact of a cyber attack across IT environments, combining consulting expertise with technical depth across the full IT stack to provide insight into risk exposure.
The rise in demand is linked to the UK government reporting at the end of April 2025 that UK businesses experienced approximately 8.58 million cyber crimes, including approximately 680,000 non-phishing attacks from April 2024 to April 2025.
In response, organisations are increasingly seeking deeper insights into cyber risk and cyber resilience following a year of unrest, regular regulation shifts, tightening expectations, and high-profile security breaches.
New data from Acora supports that, revealing that 25 businesses used their Cyber Incident Baseline Assessment during the last 12 months for a detailed assessment of cyber risk across their environments designed to identify vulnerabilities and potential attack pathways.
Acora reported that business leaders are facing increasing challenges, with IT environments becoming more complex and increasingly integrated with external systems, the attack surface is wider than ever, and the overall business security posture has never been more fluid and difficult to define.
James Fernley, Acora's Director of Cyber Security, states that 'business leaders are adopting a more holistic approach to attack surface management and moving away from simple, annual point‑in‑time testing, which is an outdated and static approach to vulnerability assessment and penetration testing.'
This highlights a clear transition towards understanding that cyber risk requires an overview of the entire business ecosystem behind it. Acora reported that one assessment identified 15 million potential paths to breach, with subsequent remediation reducing exposure by over 95% by carefully tuning and enhancing tools already in place.
Acora experts reported that organisations are moving away from annual testing models, with cyber security moving towards an era of artificial intelligence-powered attacks and a new level of sophistication as cyber threats become more advanced.
Historically, cyber security focused on preventing attacks through defensive controls and perimeter protection–the traditional perimeter-focused approaches that are becoming less effective in modern cyber security. Instead, business leaders and boards demand clearer answers and a cyber security strategy that supports and actively maintains operational resiliency and potential breach impact.
Many organisations are reassessing the effectiveness of traditional testing approaches, and according to Acora, businesses frequently report that annual penetration testing exercises generate the same findings year after year, even though the threat landscape is changing.
Acora's assessment was engineered to address this gap by analysing how cyber risk manifests across the entire business ecosystem.
It doesn't examine isolated systems or individual vulnerabilities and instead explores potential pathways an attacker could take once inside a network, providing a broader and more realistic understanding of risk.
Factors such as user behaviour, operational processes, infrastructure configuration, cloud maturity, data management practices and emerging technologies like artificial intelligence all influence how risk develops and spreads across an organisation.
According to Acora, this transition is also helping leadership teams make more informed investment decisions. The data provided on how risks develop and propagate through networks means organisations can better justify security improvements and align technical teams around shared priorities.
Acora believes changes will accelerate further in 2026 as regulatory pressure increases and organisations continue to experience the operational impact of cyber incidents.
The evolving cyber security landscape is contributing to a shift away from traditional point-in-time testing, as new issues emerge, including reports that AI agents have begun performing independent actions (Microsoft UK reports 88% of organisations suspect AI agent-related security incidents in the past year).
Supporting that, according to the UK Government's Cyber Security Longitudinal Survey (Wave Five), most organisations continued to experience cyber incidents (82% of businesses and 77% of charities).
The UK Government Wave Five Report also found that 1/3 of organisations (37% businesses and 36% charities) reported an increase in cyber security budgets, involving significant increases to incorporate cyber risk over time, with some of that going toward targeted cyber risk assessment strategies like Acora's assessment.
The increase in demand reflects changing approaches to cyber risk management and growing concern over evolving threats.
© Copyright IBTimes 2025. All rights reserved.
- Recommended For You
