Other BT PLC sections

Cyber Index

We play a vital role in protecting people from cyber attacks.

We want everyone to feel safe when using our technology, so we work behind the scenes to help our customers protect their devices - from both large scale attacks and more targeted attempts to steal data.

The BT Cyber Index pulls together some of the key cyber data that we are monitoring across our networks. It highlights key trends and events, explains what these mean and shows how we are protecting you from cyber threats. 

Click on the links below to find out more:


decrease in DDoS events over the last quarter *


decrease in scam activity over the last quarter *


Phishing attacks down over the last quarter *

135 million

connections to malware sites blocked per month *

* October to December 2018

Dave Harcourt, Chief Security Advisor for BT, commented:

Our latest quarterly update shows an overall drop in security incidents over our networks between October and December 2018.

We regularly see fluctuations in the number of attacks over any given time period, but unfortunately a decrease in quantity often does not indicate a decrease to the threat level. For example, the drop this past quarter may show a trend from organized crime groups to target their activity and to focus on lower numbers of higher value victims.

When criminals infect and control a large number of devices, they are able to build ‘botnets’, which can then be used to launch a huge number of simultaneous attacks. Botnets are used in many DDoS attacks, but the decrease in the number of attacks in this area likely shows that many botnet operators are turning their attention towards crypto-mining capability.

Computing power is fundamental to criminal’s success in mining cryptocurrency, and directing botnets towards this activity would indicate it is increasingly being seen as a more profitable avenue for criminals. It’s also likely perceived as ‘safer’ by criminals, as improvements in law enforcement around DDoS in the last 6 months have increased the likelihood of detection.

The decrease in malware blocks over the last three months is also likely to be a consequence of the crypto-mining trend. We’re seeing less ransomware attacks delivered by malware, as attackers focus on crypto-mining as an easier and less-attributable activity.

We believe that the downturn in the number of phishing attacks and scam activity could well be as a result of the improvements brought about by the Active Cyber Defence programme. These include more usage of DMARC (Domain-based Message Authentication, Reporting and Conformance) and increased detections and filtering of suspicious mail traffic.