Reliability and compensation report: the impact of poor business fibre connectivity

Business broadband vs leased line: the key differences?

Expert conclusion: The label ‘business broadband’ doesn’t really mean anything – the term covers a wide range of services, each with very different experiences. Get into the details, and save yourself a lot of frustration and disappointment.

‍

Broadband vs leased line explained

• Broadband: A standard, shared internet connection typically designed for home use, but sometimes used in small offices. Speeds can vary, especially during busy times, and upload speeds are often much lower than downloads – which can limit performance for modern business applications.
• Leased line: A private, dedicated connection between your premises and your provider. Symmetrical speeds, guaranteed performance, and no sharing with neighbours - specifically designed to meet the demands of modern business connectivity.

‍

What is business broadband?

Most of the time, it’s just the same product as the ISP (Internet Service Provider) sells to their residential customers, but more expensive and probably bundled with a low-level cyber security product.

It has a dedicated web page, with stock photos of people doing business. And it comes with some comforting words to tell you that they know how hard business is. Excruciating.

Your traffic isn’t prioritised. Your connection isn’t dedicated. And if you have an ‘account manager’, they’re probably responsible for literally thousands of customers like you.

If you pay more, you might get a commitment to investigate faults within a given time – usually within a day.

When you’re looking for business broadband, bear these things in mind. Look at the details to see if you’re simply being sold a standard home broadband package disguised as a business solution.

‍

What does great internet connectivity for business look like?

It’s very easy to call something business broadband. But it’s a very different thing to provide internet connectivity that’s genuinely fast and reliable enough for London business in 2025.

One of the fundamental features of an internet product for business is a dedicated connection.

‘Broadband’ or ‘FTTP’ (that’s Fibre to the Premise) means that the service you’re paying for is shared between you and typically 30 of your neighbours – whether they’re houses or other businesses.

So when you have a broadband or FTTP connection, don’t expect to get the Gbps speeds you’ve paid for at busy times (which is most of the working day). It’s cheap, and it connects. But it’s not a product that you can rely on to keep your business running.

At the busiest times, you'll have to hope that it’ll give you what you need. That might mean putting up with a poor-quality video call, a painful wait downloading a PowerPoint, or an eternity for every employee to log in to Teams at 9am.

Internet connectivity that you and your business can rely on is going to be dedicated to you, and that means taking a leased line (also knows as DIA, or direct internet access).

‍

What is the difference between business broadband and business leased line or ‘dedicated’ internet (DIA)?

One word: reliability.

That’s the key difference between the experience of these two technologies: how much you can rely on your connection, and how that impacts your business. We see it in every customer interaction as they move from broadband to direct internet – the shackles are off.

While business broadband infrastructure is shared with the businesses and houses around you, leased line (or direct internet) infrastructure is dedicated to you – it isn’t shared with anyone.

It’s your connection, and every bit of the bandwidth you’re paying for is yours. It’s guaranteed. Always giving you the internet speed and capacity you need, no matter how busy things get.

The whole Manchester office coming down for a team day? No problem. Sending a broadcast-quality video file to a client on a deadline? Easy. Worrying about signing up to a new cloud-based software for project management? Don’t. Putting the CEO on a video call that has to be perfect? Do it.  

A 10Gbps leased line ensures you always have the speed you need. It’s a service you and your business can rely on.

‍

What are the key features of business leased line and business broadband?

Leased line:

• Dedicated to one customer – a dedicated, private cable between your office and your provider's data centre

• Symmetrical – you get the same upload speed as download speed

• Highly reliable

Broadband:

• Shared circuit by up to 32 users

• Usually asymmetrical – upload typically much slower than download

• Prone to performance issues, particularly during the working day

‍

The technology explained

We’ve covered the difference in experience, but what’s the technology difference?

A ‘leased line’ is a dedicated fibre connection between your office space and your provider’s spot in a data centre (often called a Point of Presence, or PoP). This is where your connection reaches the internet or cloud.

Your proximity to the provider’s data centre is important for latency – which is the speed at which things happen online. It’s not to be confused with upload and download speed, which is how long content takes to get to/from you. It’s more like how quickly the order you give is obeyed.

Two more important features of a leased line network are how many data centres your provider connects to, and how many diverse routes they have between you and those centres.

More than one data centre, and numerous routes equals resilience. And resilience is vital in business internet connections. If one route gets blocked, your data has alternative routes so there's no disruption.

Leased lines use fibre, but they’re not like residential broadband as the fibre line isn’t shared. You’ll often read about leased lines being called Ethernet, but the main terms to look out for are Leased line or Direct Internet Access (DIA).

A broadband connection is typically PON-based – that’s passive optical network, and relates to the way in which ‘splitters’ are used to connect multiple customers to the same fibre. It’s a revolutionary technology when it comes to delivering fibre to multiple homes, where super low cost is the main driver. But for business, it’s ‘best effort’, at best.

It’s cheap to deliver, and so it’s relatively cheap to buy. But it comes with the reality that you cannot rely on it. If the other homes or businesses on your fibre are using the network, then you’ll suffer.

‍

What are the benefits of a leased line?

A dedicated connection means guaranteed bandwidth

With a leased line, you get every bit you pay for, unlike a shared ‘broadband’ connection, where you can pay for 1Gbps but it’s highly unlikely you’ll ever see that speed.

A connection you can rely on

Always the speed you’ve paid for and infrastructure that’s backed up by an SLA (Service Level Agreement) – and automatic compensation if you choose a really good ISP. And the ability to order a back-up line, to increase the resilience of your service.

Lower latency

The more direct architecture and quicker route to a data centre (where your connection hits the internet) means a leased line will almost always offer lower latency than a broadband connection.

Upload that matches download

Most broadband, FTTP and cable services advertise the download speed but keep quiet on upload – that’s because upload is significantly slower in these services, often as little as a tenth of the speed. Leased lines have ‘symmetrical’ download and upload.

Enhanced security

Security can never be taken for granted, so check on the Infosec and compliance qualifications of your provider – typically, those selling residential-grade services won’t invest in this area, but serious business providers recognise the huge benefit to their customers.

‍

A feature comparison

Breach breakdown

In April 2025, Marks & Spencer (M&S) was hit by a serious cyberattack, and not by amateurs. The group behind it, known as Scattered Spider (also known as UNC3944 or Octo Tempest) has a track record. They’ve already taken on major U.S. giants like Caesars Entertainment and MGM Resorts.

Our 40Fi DFND team has done a deep dive into what happened and, more importantly, how businesses like yours can stay protected.

Want practical, jargon-free cybersecurity advice tailored for your business?
Join our free workshop with the City of London Police. Register now.

‍

How they got in

Scattered Spider used smart, targeted phishing emails and impersonated IT staff to trick people into handing over their credentials. They even used a tactic called "MFA fatigue", which consisted of spamming employees with repeated login requests until one was mistakenly approved.

Threat intelligence researcher, Lontz reported on suspected Scattered Spider infrastructure (see figure 2), involving fake domains designed to mimic legitimate login pages of well-known websites. A spoofed company login page could have been created to get access to M&S employee login details.

What happened after they got in

Initial access to M&S systems is believed to have been as early as February. Once in, the attackers used stolen administrative credentials to deploy legitimate remote administration tools (RATs). This gave them ongoing control over key systems (including employee devices), helping them stay hidden while moving through the network.

Here's what they did:

• Installed remote desktop access tools like AnyDesk and TeamViewer - the same kind real IT teams would use
• Moved around through different M&S’s internal systems to grab as much data as possible
• Targeted critical assets like password databases and user credentials

Finally, they created secret access points, hidden accounts, and scheduled tasks to make sure they could stay inside the company's network without getting noticed.

‍

The attack

On April 24, Scattered Spider launched the DragonForce ransomware attack on M&S’ VMware ESXi servers, encrypting virtual machines that powered key systems for e-commerce, payment processing, and logistics (see figure 3).

As a result, M&S had no choice but to shut down key systems entirely (including online orders and contactless payments), and call in top cybersecurity experts from CrowdStrike, Microsoft, and Fenix24 to contain the damage and start the recovery process (see figure 4).

‍

What this means for you

While M&S is a major player, the tactics used in this breach aren’t just for corporations, they work just as well against small businesses. Groups like Scattered Spider rely on common tools and stolen identities to gain trust and slip past normal security. The key lesson? Always verify the people and systems you rely on, whether they’re inside your team or external partners.

‍

What you can do to improve cybersecurity for your business

5 quick wins to protect your business

1. Train your team – teach employees to spot dodgy emails, spoofed links, and sketchy login pages.
2. Use strong passwords – create long, complex passwords that include a mix of uppercase and lowercase letters, numbers, and special characters. Never reuse passwords across different accounts.
3. Enable multi-factor authentication (MFA) – this adds an extra layer of security beyond just a password.
4. Stay vigilent – do not open email attachments or click on links unless you are certain of their legitimacy. If you have any doubts, report the email to your security team immediately.
5. Report suspicious activity fast – if you receive unexpected MFA prompts, suspicious login alerts, or calls requesting your credentials, report them to your security team as soon as possible.

‍

Additional information

• Marks & Spencer breach linked to Scattered Spider ransomware attack
• M&S ransomware hack: Active Directory security lessons
• Scattered Spider laying new eggs