Cyber Doc logo Cyber Doc
Cybersecurity Term

What is an attack surface?

The accounts, systems, services, devices, and people attackers could try to target.

Risk & Compliance Last reviewed: 2026-05-20

← Back to Learn Centre

What is an attack surface?

An attack surface is the collection of systems, accounts, services, devices, and people that attackers could try to use to reach a business.

Simple example

A company’s attack surface includes its website, email accounts, remote access, cloud services, staff devices, and suppliers.

Why it matters

Reducing unnecessary exposure makes it harder for attackers to find a way in.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Keep an asset inventory.
  • Remove unused accounts, services, and exposed systems.
  • Review internet-facing services regularly.
  • Use MFA and secure configuration.
  • Limit third-party access.

Reactive steps

  • Identify which exposed system or account may have been used.
  • Reduce unnecessary exposure during containment.
  • Review logs for exposed services.
  • Close or restrict risky access.
  • Update the asset inventory after the incident.

Related terms

  • Exposure
  • Vulnerability
  • Threat landscape analysis