Thought leadership

4 myths UK telecoms service providers want you to believe

May 21, 2025

min read

Highlights

Most ISPs resell legacy infrastructure, unlike Vorboss that has purpose-built its own fibre network for business connectivity. Dispelling the myth that older networks are more secure, Vorboss has security measures integrated into its new network design, ensuring protection against vulnerabilities and offering direct cable connectivity for enhanced security. Vorboss advocates for 10Gbps as the new standard in connectivity, addressing the misconception that businesses don't require such bandwidth.

As technology advances, the connectivity needs of businesses change and grow. Unfortunately, other UK telecoms service providers lack the agility to adapt their services to this ever-changing landscape. They would rather keep customers in the dark about the infrastructure they are using, so they stay complacent with the status quo.

At Vorboss, we think that's wrong, so we'll dive into some of the most common myths that UK telecoms service providers perpetuate. A lack of transparency in the industry prevents businesses from getting the connectivity they deserve—connectivity that will fuel their ambitions.

Misconceptions about UK telecoms service providers

Infographic about UK telecoms service providers myths

Myth #1: Each ISP has its own fibre network

You may believe that each Internet Service Provider (ISP) has its own dedicated fibre network. In reality, most business ISPs in London resell legacy Openreach infrastructure rather than relying on a network they built. This leads to unreliable connections and slow speeds for their customers.

Vorboss is the only ISP in London that has purpose-built its fibre network from scratch, using the latest technology and design. We are the only vertically integrated ISP dedicated to business in London, owning the network and service end-to-end. This gives us complete control and responsibility over our network, delivery, infrastructure, and customer experience.

Unlike other ISPs, we have no third parties involved at any stage of the process. Our in-house team handles everything from customer service, contracts, billing, installation, network design, and more. Customers deal directly with the engineers who built the network, ensuring quick response times for fault rectification, installations, and bandwidth upgrades.

Because we own the network, we can provide transparent pricing and commercial terms. There are no hidden costs or extra charges; the bandwidth you purchase is the bandwidth you receive.

Myth #2: Legacy networks are the most secure

Another misconception in the telecommunications industry is the belief that legacy networks are inherently more secure than AltNets. Telecoms companies claim that their older networks are more secure than their competitors, but the truth is that the age of a network does not determine its security level.

We understand the importance of network security at Vorboss. We designed our brand-new network with the latest security measures to ensure the highest level of protection for our customers' data.

Unlike legacy fibre networks that use on-street infrastructure, which can be vulnerable to vandalism, weather, power failures, and traffic damage, we deliver direct cable connectivity to eliminate these risks. We have diverse routing options to ensure resilience, and no one is ever more than 20 minutes away from a Vorboss engineer in Central London. We also have 24/7 proactive network monitoring and operational support from experienced network and security operations professionals.

No network is ever 100% secure, regardless of whether it's a legacy network or a newer one. Security is determined by the measures to protect the network, not by age. So, the belief that legacy networks are inherently more secure is a myth.

Myth #3: No one really needs 10Gbps bandwidth

Many mistakenly believe that businesses don't need to have 10Gbps business internet bandwidth. Why, then, are we at Vorboss trying to make 10Gbps the new standard in speed and capacity?

For London to remain a global leader, its businesses must be future-proofed. Bandwidth consumption is constantly growing – data requirements are doubling every two years – so limited bandwidth will quickly start holding back the companies driving our city's economy. They need to be able to use emerging technologies, such as AI and quantum computing, to remain competitive.

Businesses can focus on innovation, transformation, and gaining a competitive edge by removing bandwidth concerns. We understand that some companies may not need that much bandwidth right now, but we provide it on purpose so they will never have to worry about running out in the future. Connectivity should never be a limitation for business growth.

If your business uses 1Gbps, then it uses a legacy product. The network these internet service providers use would need substantial upgrades to provide what Vorboss provides – 10Gbps as a minimum, with the capability to quickly ramp up to 100Gbps business internet on the same network. We invested £250m into a brand-new fibre network designed for forward-thinking organisations' current and future needs.

Selling less than 10Gbps doesn't make sense to us, as it doesn't cost us any less to provide you with less bandwidth. ISPs charging incrementally for bandwidth consumption are exploiting customers to maximise profits. We don't constrain or manufacture bandwidth, and we provide purposeful abundance and transparency in pricing to our customers.

Myth #4: ISPs have the right to throttle your internet speeds

Throttling refers to ISPs temporarily slowing down your internet connection speed to manage their network capacity. This practice is often associated with wireless and mobile ISPs, but even some business fibre providers use throttling. But is that allowed?

Here's the truth – if your ISP is throttling your internet speeds, it should be outlined in your service level agreement (SLA). You have the right to be aware if you're not getting the rate you're paying for all day, every day.

It's important to note that ISPs are required to be transparent in their approach to net neutrality and traffic management. ISPs are prohibited from prioritising certain types of traffic over others and cannot intentionally slow down your connection. If you feel like throttling tactics from your current provider are holding you back, it's time to demand more or consider switching to a reliable ISP.

At Vorboss, we never throttle customer speeds, regardless of the bandwidth package customers choose. We believe in providing reliable and consistent internet speeds to our customers without sneaky tactics to hold them back. Besides, we offer Direct Internet Access (DIA), delivering connectivity to each specific customer via their own direct fibre connection. That means no varying speeds or sharing bandwidth.

Why you should demand more from UK telecoms companies

We have brought a new type of business-only internet and service to London, which is better and different from other UK telecoms companies. We want to lift the lid on industry secrets and call things out for the long-term health of our customers and the city.

We envision a future where the bandwidth for any task is available, allowing businesses to explore new solutions, ways of working, and technologies in the same way unlimited data has changed consumer behaviour with handheld devices. In turn, London will be able to compete at the highest level for years to come.

The telecommunications industry is ever-changing, and customers should always demand the best from their telecoms companies. Don't be fooled by the myths and misconceptions about them—your business deserves better.

If you want to learn more about connecting with us, speak to one of our experts today.

Get in touch.

Tell us about yourself so we can serve you best.

Vorboss recognised by City of London Corporation for excellence in streetworks for fourth consecutive year

All

Insights

May 13, 2025

Cybersecurity for SMEs: what to know as you grow

Gone are the days when SME businesses could view cybersecurity mostly as a concern for big corporations with global exposure and dedicated IT resource. Today, cybercrime is a multi-billion pound ‘industry’, with small and mid-sized businesses most often in its sights.

And the risks are very real. In the past year alone, brands including M&S, Co-op, Harrods, and even major railway stations have made headlines due to cybersecurity incidents. These high-profile cases show that no organisation, regardless of size or sector, is immune. They also serve as reminders of how disruptive and damaging an attack can be.

So, who is it that poses the threat? The answer is highly organised criminal groups, generally based overseas, running lucrative cybercrime business models, all on their own. With ransomware now a billion-pound industry, these groups buy and sell stolen data, lease out attack tools, and target companies whose stolen data indicates their capacity to pay.

According to HMRC, 70% of UK SMEs were hit by cyberattacks last year. Yet half of all UK and US businesses, mostly smaller firms, still don’t have a response plan in place.

So let’s look at why SMEs are at such risk, what today’s most common threats look like, and the practical and affordable steps you can take to protect yourself if you run a business.

These insights emerged from a fascinating recent panel discussion which our very own Aaron Rice, CIO, hosted at Vorboss HQ, featuring leaders from cybersecurity firms Wavenet and SE LABS. If you’re running an SME and don’t yet have a clear cybersecurity plan, this is the place to start.

Not ‘if’, but when. The case for ‘resilience’

Cybersecurity used to be about trying to build an impenetrable wall around your systems, but as the threat landscape has changed, so has the mindset. Today, it’s less about preventing every attack and more about being ready to respond when something does get through.

This concept - resilience - came up repeatedly as Wavenet’s CISO, Paul Colwell, and SE LABS’ CEO, Simon Edwards, shared their views. Their message for SMEs was clear. It’s not a question of if you’ll be attacked, it’s a matter of when. How well you bounce back may be the difference between a brief disruption and a long-term crisis.

Perhaps the first question to ask in any cyber incident is “Do we have backups?”. If your systems are compromised or locked down, having secure, up-to-date backups can be the difference between getting back to work or being forced to pay a ransom to regain access. Backups don’t stop an attack, but they’ll make recovery easier.

A cyberattack doesn’t just target your systems, it puts your entire business at risk. Downtime, financial loss, and damaged customer trust are all on the table.

The good news is that becoming resilient doesn’t involve making huge investment into high-end technology. With a little planning, it’s entirely possible to build a strong line of defence, and a solid plan for recovery, without excessive cost. In fact, with fewer systems, simpler structures, and the ability to act quickly, smaller businesses often have an advantage over large enterprises when it comes to putting effective measures in place.

The most common cyber threats to SMEs

As most SMEs don’t have the time or budget to keep up with every new cybercrime threat, they make attractive targets for hackers, and though cyberattacks come in all shapes and sizes, certain threats show up again and again.

So, what are the most common cyber threats facing SMEs?

Phishing and identity theft

This is where it usually starts. A staff member receives what looks like a legitimate message, usually impersonating a colleague, a supplier, or even a client. It might ask them to click a link, update some details, or approve a payment.

If they take the bait, attackers can obtain access to login credentials, email accounts, or sensitive data, all without needing to “break in”. In the words of SE LABS’ Simon Edwards, “Hackers don’t break in. They log in.”

Ransomware

Ransomware is a frighteningly effective criminal business model, whose use against SMEs has escalated dramatically. Attackers encrypt your data, lock your systems, and demand payment (usually in Bitcoin) to let you back in. In 2023 alone, ransomware was already estimated to be worth over £1bn a year.

While paying the ransom may seem to be the quickest way out, it can open your business up to serious legal and ethical risks, especially if you have no visibility on where the money you’re paying over is going to.

Business email compromise (BEC)

BEC attacks are clever, patient and, again, highly lucrative. Hackers gain access to an internal email account and often set up automatic forwarding to an external address, allowing them to silently monitor conversations over time. They gather intel, study genuine correspondence, and then strike, perhaps by sending a fake invoice or redirecting a payment. It’s why fake emails are so convincing: these criminals aren’t guessing, they know exactly what you’re expecting and exploit timing and trust with precision.

Cyber hygiene. Arranging simple, powerful protection

Cybersecurity doesn’t have to start with technology. It starts with behaviour; simple, everyday habits that make it harder for attackers to get in.

Unlike big organisations with complex systems, SME management teams are usually free to set rules, enforce good habits, and make changes without needing to go through layers of approval.

The number one non-technical thing an SME can do to protect itself? Simon Edwards didn’t hesitate: “Easy. Cyber hygiene and the Cyber Essentials programme.”

So, what does good, basic cyber hygiene look like? A good way to think about it is via ‘The 3 Ps’, as the industry refers to them.

Passwords

Make sure everyone in your business is using strong, unique passwords, and that these aren’t shared or reused across different systems.

A strong password should:

• Be at least 12 characters long

• Use a mix of uppercase and lowercase letters, numbers, and symbols

• Avoid personal details or common words

Next, enforce multi-factor authentication (MFA) wherever possible. It’s one of the simplest and most effective ways to stop unauthorised access.

Phishing

Your team is your first line of defence. Train your people to recognise suspicious emails, double-check unusual requests, and report anything that doesn’t feel right. Most phishing attacks rely on urgency or familiarity to bypass common sense, so encouraging people to pause and consult with managers or appropriate colleagues before taking any action in response to a suspect email can make all the difference.

Patching

Every piece of software has flaws, and cybercriminals are quick to exploit these. Keep all your systems up to date. That includes operating systems, email tools, cloud platforms, routers, and printers. When a zero-day vulnerability is announced, fast patching is critical. It could be the difference between staying secure or becoming one of the first victims.

None of these steps requires major investment. All that’s needed is a clear policy, regular reminders, and a commitment to taking security seriously.

Certifications that help protect and reassure

Even when you recognise the danger of cyberattacks and have measures like these in place to reduce your exposure, how can you evidence this to clients and customers, as well as your employees?

It doesn’t have to be complex - there are certification schemes built specifically for SMEs.

At a basic level, they help you cover the fundamentals. But they also send a clear signal to clients, partners, insurers, and suppliers that you’re serious about reducing risk.

The three most widely recognised certifications are:

Cyber Essentials

The entry point for most UK organisations, and a great starting place for SMEs. Cyber Essentials is a government-backed scheme that covers the basics: secure configuration, access controls, software updates, and protection against common threats. It’s a self-assessed process and, once certified, you’ll receive a badge that shows you’ve met the standard. Clients like it. Insurers like it. And it’s easier to attain than you think.

Cyber Essentials Plus

This is the next step up. It includes everything in the basic Cyber Essentials scheme but adds an independent audit and technical testing. If your business handles sensitive data, works with regulated industries, or simply wants more assurance, then this is worth considering.

ISO 27001

Recognised internationally, this is the gold standard for information security management. It’s more involved and more expensive than Cyber Essentials, but if your business is growing fast or you’re working with enterprise clients, it can be a significant asset.

Whatever level of certification you feel is appropriate for your business, try not to treat it as a one-off box-ticking exercise. It’s a chance to improve your practices, strengthen your culture, and set a clear security baseline that will protect you as you grow.

What to do if you’re attacked

No matter how well prepared you are, things can still go wrong.

The key is to stay calm and act quickly, following a pre-prepared response plan. A good response plan doesn’t just help you recover faster. It can also limit the damage, protect your customers, and stop the same thing happening again.

If you find yourself under attack, here’s what to do:

1. Find the way in

Your first priority is to understand how the attacker got access. Was it a stolen password? A phishing email? A vulnerability in your software? Until you know, you won’t be able to shut the door properly, and you risk being hit again.

“Your number one priority is to understand the route of attack, and block it,” Simon Edwards advises. “If you don’t, there’s nothing to stop them coming back.”

2. Contain the damage

Isolate affected devices or systems. Lock down compromised accounts. If you work with an IT provider, contact them immediately. The faster you act, the more you can limit the spread.

3. Check your backups

If your systems have been locked by ransomware or wiped by an attacker, check whether your backups are intact and up to date. If so, you may be able to restore your data without paying a ransom and get your business back on its feet faster. Ideally, backups should be stored offline or in a secure cloud service and tested regularly to make sure they work when you need them.

4. Don’t rush to pay

If it’s a ransomware attack, you’ll be asked to pay - usually in Bitcoin. But paying the ransom doesn’t guarantee you’ll get your data back, and it could even put you in legal trouble if the money later turns up in a sanctioned country. Always get expert advice, ideally from a law firm with a cybersecurity team, before taking any action.

5. Inform the right people

Depending on the nature of the breach, you may need to notify regulators, clients, suppliers, or insurers. Transparency is important, and delay can make things worse. If you hold personal data, you may also have a legal duty to report the incident to the Information Commissioner’s Office (ICO).

6. Learn from it

An attack is painful, but it’s also an opportunity. Once you’ve recovered, take time to understand what went wrong and how to prevent it in future. Were there warning signs? Was it something that could have been stopped? Use the experience to build better defences.

Penetration testing. Something to know as you grow

As your business grows or handles sensitive data, you’ll likely hear about penetration testing. Pen testing involves hiring ethical hackers to find weak spots in your systems before attackers can exploit them.

For many SMEs, especially early on, this might be overkill. But as your business scales, or you pursue larger clients, ‘pen testing’ can become a requirement. Insurers may also ask about it if you’re looking for more comprehensive cyber cover.

Don’t forget your suppliers

Many SMEs rely on third-party suppliers like cloud software and service providers to handle everything from email and invoicing to customer data and collaboration tools. But if one of those providers gets hacked, your business could be affected.

Don’t hold back. Ask the companies whose systems you engage with a few simple questions:

• "What security measures do you have in place?"

• "Are you certified under schemes like Cyber Essentials or ISO 27001?"

• "If something goes wrong at your end, who’s responsible, and how will we be informed?"

It doesn’t need to be a formal audit. Just showing that you’re aware of the risk and asking for basic reassurances can go a long way. And if a supplier is vague or dismissive about security, treat that as a red flag. In the end, your own cybersecurity is only as strong as the people you trust to help run your business.

Take action today

You don’t need to overhaul your entire business to make meaningful progress on cybersecurity. A few well-chosen actions will dramatically reduce your risk, and set a solid foundation for whatever may happen:

A final thought: resilience beats perfection

Cybersecurity can feel like a complex topic, especially when you’re running a growing business and perhaps no dedicated IT team. But protecting your company doesn’t mean spending a fortune on tech.

It means being prepared. Putting sensible safeguards in place. Creating a culture of awareness. And knowing how you’ll respond if, or when, something goes wrong.

That’s resilience, and it’s well within reach for every SME.

Get in touch

If you'd like to discuss building resilience, or how your connectivity can strengthen your security strategy, speak to one of our experts today.

We’ll connect you directly with SE LABS or Wavenet if we believe it’s the right fit for your needs.